GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-02 18:29:13 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.GG2O 465,76GB Running: czslr0ut.exe; Driver: C:\Users\Paulina\AppData\Local\Temp\pxdyapod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800033bc000 45 bytes [00, 00, 0D, 02, 4D, 6D, 43, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff800033bc02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 000000014a130440 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 000000014a130430 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 000000014a130450 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000014a1303b0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 000000014a130320 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 000000014a130380 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 000000014a1302e0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 000000014a130410 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 000000014a1302d0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 000000014a130310 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 000000014a130390 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 000000014a1303c0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 000000014a130230 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 000000014a130460 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 000000014a130370 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 000000014a1302f0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 000000014a130350 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 000000014a130290 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 000000014a1302b0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 000000014a1303a0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 000000014a130330 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 000000014a1303e0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 000000014a130240 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 000000014a1301e0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 000000014a130250 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 000000014a130470 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 000000014a130480 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 000000014a130300 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 000000014a130360 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 000000014a1302a0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 000000014a1302c0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 000000014a130340 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 000000014a130420 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 000000014a130260 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 000000014a130270 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 000000014a1303d0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 000000014a1301f0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 000000014a130210 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 000000014a130200 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 000000014a1303f0 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 000000014a130400 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 000000014a130220 .text C:\windows\system32\csrss.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 000000014a130280 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 000000014a130440 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 000000014a130430 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 000000014a130450 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000014a1303b0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 000000014a130320 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 000000014a130380 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 000000014a1302e0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 000000014a130410 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 000000014a1302d0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 000000014a130310 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 000000014a130390 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 000000014a1303c0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 000000014a130230 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 000000014a130460 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 000000014a130370 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 000000014a1302f0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 000000014a130350 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 000000014a130290 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 000000014a1302b0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 000000014a1303a0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 000000014a130330 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 000000014a1303e0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 000000014a130240 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 000000014a1301e0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 000000014a130250 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 000000014a130470 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 000000014a130480 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 000000014a130300 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 000000014a130360 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 000000014a1302a0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 000000014a1302c0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 000000014a130340 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 000000014a130420 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 000000014a130260 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 000000014a130270 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 000000014a1303d0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 000000014a1301f0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 000000014a130210 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 000000014a130200 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 000000014a1303f0 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 000000014a130400 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 000000014a130220 .text C:\windows\system32\csrss.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 000000014a130280 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\wininit.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\wininit.exe[784] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\winlogon.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\winlogon.exe[828] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\services.exe[904] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\services.exe[904] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\lsass.exe[912] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\lsass.exe[912] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\lsm.exe[920] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\svchost.exe[124] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\svchost.exe[124] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\svchost.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\svchost.exe[720] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\System32\svchost.exe[596] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\System32\svchost.exe[596] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070440 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070430 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070450 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001000703b0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000100070380 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000100070410 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000100070390 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703c0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070460 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000100070370 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703a0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000001000703e0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070470 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000100070480 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070420 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000001000703d0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000001000703f0 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070400 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\windows\System32\svchost.exe[1168] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\windows\System32\svchost.exe[1168] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\svchost.exe[1212] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\svchost.exe[1212] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\svchost.exe[1272] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\svchost.exe[1272] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1416] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1416] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\svchost.exe[1512] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\WLANExt.exe[1668] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803b0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\conhost.exe[1676] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\conhost.exe[1676] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\ProgramData\eSafe\eGdpSvc.exe[1796] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\ProgramData\eSafe\eGdpSvc.exe[1796] C:\windows\syswow64\user32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\ProgramData\eSafe\eGdpSvc.exe[1796] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\ProgramData\eSafe\eGdpSvc.exe[1796] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010017075c .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001001703a4 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100170b14 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100170ecc .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010017163c .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100171284 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\taskhost.exe[2184] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\taskhost.exe[2184] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001002a075c .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001002a03a4 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070440 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070430 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001002a0b14 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001002a0ecc .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070450 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001002a163c .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000100070380 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000100070410 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000100070390 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001002a1284 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703c0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070460 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000100070370 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000001000703e0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070470 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000100070480 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070420 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000001000703d0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000001000703f0 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070400 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\taskeng.exe[2232] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\taskeng.exe[2232] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010039075c .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003903a4 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100390b14 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100390ecc .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010039163c .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100391284 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\Dwm.exe[2352] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\Dwm.exe[2352] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001001f075c .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001001f03a4 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001001f0b14 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001001f0ecc .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001001f163c .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001001f1284 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\Explorer.EXE[2368] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\Explorer.EXE[2368] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 00000001000b1014 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 00000001000b0804 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 00000001000b0a08 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 00000001000b0c0c .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 00000001000b0e10 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001000b01f8 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001000b03fc .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 00000001000b0600 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001001c01f8 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001001c03fc .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 00000001001c0804 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 00000001001c0600 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 00000001001c0a08 .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\iSafe\iSafeTray.exe[2448] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001003f075c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003f03a4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001003f0b14 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001003f0ecc .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001003f163c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001003f1284 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2604] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010026075c .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001002603a4 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100260b14 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100260ecc .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010026163c .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100261284 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Elantech\ETDCtrl.exe[2640] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001001b075c .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001001b03a4 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 3 bytes JMP 00000001001b0b14 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 0000000077621434 1 byte [88] .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 3 bytes JMP 00000001001b0ecc .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 0000000077621494 1 byte [88] .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001001b163c .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 3 bytes JMP 00000001001b1284 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 00000000776217b4 1 byte [88] .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Windows\System32\rundll32.exe[2652] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100121014 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100120804 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100120a08 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100120c0c .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100120e10 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001001201f8 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001001203fc .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100120600 .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe[2664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001000b01f8 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001000b03fc .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 00000001000b0804 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 00000001000b0600 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 00000001000b0a08 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100101014 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100100804 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100100a08 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100100c0c .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100100e10 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001001001f8 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001001003fc .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100100600 .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Windows\SysWOW64\rundll32.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2300] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001000e075c .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001000e03a4 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070440 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070430 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001000e0b14 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001000e0ecc .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070450 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001000e163c .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000100070380 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000100070410 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000100070390 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001000e1284 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703c0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070460 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000100070370 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703a0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000001000703e0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070470 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000100070480 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070420 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000001000703d0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000001000703f0 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070400 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\System32\spoolsv.exe[3008] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010032075c .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003203a4 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100320b14 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100320ecc .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010032163c .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100321284 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\svchost.exe[2944] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\svchost.exe[2944] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010041075c .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001004103a4 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100410b14 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100410ecc .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010041163c .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100411284 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\taskeng.exe[2272] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\taskeng.exe[2272] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[1240] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[1240] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[1240] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[1240] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[1240] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[1240] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[1240] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[2136] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[2136] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[2136] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[2136] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[2136] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[2136] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[2112] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[2112] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[2112] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[2112] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[2112] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[2112] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[2112] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3068] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3068] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3068] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3068] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3068] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3068] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010015075c .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001001503a4 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100150b14 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100150ecc .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010015163c .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100151284 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1560] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100101014 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100100c0c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100100e10 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1108] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001002f075c .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001002f03a4 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001002f0b14 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001002f0ecc .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001002f163c .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001002f1284 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Bonjour\mDNSResponder.exe[3088] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010031075c .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003103a4 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100310b14 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100310ecc .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010031163c .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100311284 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[3136] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\svchost.exe[3136] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001001b075c .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001001b03a4 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 3 bytes JMP 00000001001b0b14 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 0000000077621434 1 byte [88] .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 3 bytes JMP 00000001001b0ecc .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 0000000077621494 1 byte [88] .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001001b163c .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 3 bytes JMP 00000001001b1284 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 00000000776217b4 1 byte [88] .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3160] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010022075c .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001002203a4 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100060440 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100060430 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100220b14 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100220ecc .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100060450 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010022163c .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100060320 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000100060380 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000602e0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000100060410 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000602d0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100060310 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000100060390 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100221284 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000603c0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100060230 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100060460 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000100060370 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000602f0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100060350 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100060290 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000602b0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000603a0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100060330 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000001000603e0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100060240 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000601e0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100060250 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100060470 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000100060480 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100060300 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100060360 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000602a0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000602c0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100060340 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100060420 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100060260 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100060270 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000001000603d0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000601f0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100060210 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100060200 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000001000603f0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100060400 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100060220 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100060280 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[3256] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010039075c .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003903a4 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100390b14 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100390ecc .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010039163c .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100391284 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[3324] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010049075c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001004903a4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100490b14 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100490ecc .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010049163c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100491284 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3368] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001001d075c .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001001d03a4 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001001d0b14 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001001d0ecc .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001001d163c .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001001d1284 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[3436] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001001b075c .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001001b03a4 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 3 bytes JMP 00000001001b0b14 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 0000000077621434 1 byte [88] .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 3 bytes JMP 00000001001b0ecc .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 0000000077621494 1 byte [88] .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001001b163c .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 3 bytes JMP 00000001001b1284 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 00000000776217b4 1 byte [88] .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe[3504] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 00000001000a1014 .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 00000001000a0804 .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 00000001000a0a08 .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 00000001000a0c0c .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 00000001000a0e10 .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001000a01f8 .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001000a03fc .text C:\windows\SysWOW64\irstrtsv.exe[3556] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 00000001000a0600 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001001001f8 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001001003fc .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100100804 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100100600 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100100a08 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100111014 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100110804 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100110a08 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100110c0c .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100110e10 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001001101f8 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001001103fc .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100110600 .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\windows\SysWOW64\srvany.exe[3604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 00000001000a1014 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 00000001000a0804 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 00000001000a0a08 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 00000001000a0c0c .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 00000001000a0e10 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001000a01f8 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001000a03fc .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 00000001000a0600 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001000b01f8 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001000b03fc .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 00000001000b0804 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 00000001000b0600 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 00000001000b0a08 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe[3664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100230600 .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100230804 .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100230c0c .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100230a08 .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001002301f8 .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001002303fc .text C:\windows\KMService.exe[3672] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100241014 .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100240804 .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100240a08 .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100240c0c .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100240e10 .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001002401f8 .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001002403fc .text C:\windows\KMService.exe[3672] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100240600 .text C:\windows\KMService.exe[3672] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001002601f8 .text C:\windows\KMService.exe[3672] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001002603fc .text C:\windows\KMService.exe[3672] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100260804 .text C:\windows\KMService.exe[3672] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100260600 .text C:\windows\KMService.exe[3672] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\windows\KMService.exe[3672] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100260a08 .text C:\windows\KMService.exe[3672] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\windows\KMService.exe[3672] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010026075c .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001002603a4 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100260b14 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100260ecc .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010026163c .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100261284 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\conhost.exe[3680] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\conhost.exe[3680] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[3760] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010030075c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003003a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100300b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100300ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010030163c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100301284 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3932] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001000901f8 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001000903fc .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100090804 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100090600 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100090a08 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 00000001000a1014 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 00000001000a0804 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 00000001000a0a08 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 00000001000a0c0c .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 00000001000a0e10 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001000a01f8 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001000a03fc .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 00000001000a0600 .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe[3972] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100141014 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100140804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100140a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100140c0c .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100140e10 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001001401f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001001403fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100140600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001001501f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001001503fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100150804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100150600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100150a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3848] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010036075c .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003603a4 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100360b14 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100360ecc .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010036163c .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100361284 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\svchost.exe[3332] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\svchost.exe[3332] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001001e075c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001001e03a4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001001e0b14 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001001e0ecc .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001001e163c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001001e1284 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[4148] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001000f075c .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001000f03a4 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100060440 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100060430 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001000f0b14 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001000f0ecc .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100060450 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001000f163c .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100060320 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000100060380 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000602e0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000100060410 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000602d0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100060310 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000100060390 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001000f1284 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000603c0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100060230 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100060460 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000100060370 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000602f0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100060350 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100060290 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000602b0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000603a0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100060330 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000001000603e0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100060240 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000601e0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100060250 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100060470 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000100060480 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100060300 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100060360 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000602a0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000602c0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100060340 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100060420 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100060260 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100060270 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000001000603d0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000601f0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100060210 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100060200 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000001000603f0 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100060400 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100060220 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100060280 .text C:\windows\splwow64.exe[4252] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\splwow64.exe[4252] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010050075c .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001005003a4 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070440 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070430 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100500b14 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100500ecc .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070450 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010050163c .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000100070380 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000100070410 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000100070390 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100501284 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703c0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070460 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000100070370 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000001000703e0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070470 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000100070480 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070420 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000001000703d0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000001000703f0 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070400 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\wbem\unsecapp.exe[4520] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010039075c .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003903a4 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100390b14 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100390ecc .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010039163c .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100391284 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\igfxext.exe[4532] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\igfxext.exe[4532] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100131014 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100130804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100130a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100130c0c .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100130e10 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001001301f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001001303fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100130600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001001401f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001001403fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100140804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100140600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100140a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4620] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 ? C:\windows\system32\mssprxy.dll [4620] entry point in ".rdata" section 000000006b8d71e6 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001003b075c .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003b03a4 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001003b0b14 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001003b0ecc .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001003b163c .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001003b1284 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\splwow64.exe[4704] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\splwow64.exe[4704] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010016075c .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001001603a4 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100160b14 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100160ecc .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010016163c .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100161284 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\wbem\wmiprvse.exe[4792] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010041075c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001004103a4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070440 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070430 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100410b14 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100410ecc .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070450 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010041163c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000100070380 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000100070410 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100411284 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703a0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000100070480 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070420 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000001000703d0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070400 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[4812] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5296] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010026075c .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001002603a4 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100260b14 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100260ecc .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010026163c .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100261284 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\System32\alg.exe[5464] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\System32\alg.exe[5464] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001002d075c .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001002d03a4 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001002d0b14 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001002d0ecc .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001002d163c .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001002d1284 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\SearchIndexer.exe[5720] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010039075c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003903a4 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100390b14 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100390ecc .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010039163c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100391284 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5736] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010029075c .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001002903a4 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100290b14 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100290ecc .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010029163c .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100291284 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\svchost.exe[5936] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\svchost.exe[5936] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010030075c .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003003a4 .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100300b14 .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100300ecc .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010030163c .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100301284 .text C:\windows\system32\svchost.exe[4500] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\svchost.exe[4500] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6172] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001003c075c .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003c03a4 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001003c0b14 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001003c0ecc .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001003c163c .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001003c1284 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\System32\svchost.exe[6336] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\System32\svchost.exe[6336] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010014075c .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001001403a4 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100140b14 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100140ecc .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010014163c .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100141284 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\wbem\unsecapp.exe[2780] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001003f075c .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003f03a4 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001003f0b14 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001003f0ecc .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001003f163c .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001003f1284 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[7040] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100181014 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100180804 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100180a08 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100180c0c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100180e10 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001001801f8 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001001803fc .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100180600 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001001901f8 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001001903fc .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100190804 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100190600 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100190a08 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[6692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\System32\svchost.exe[1636] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\System32\svchost.exe[1636] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\System32\svchost.exe[1636] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\System32\svchost.exe[1636] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\System32\svchost.exe[1636] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\System32\svchost.exe[1636] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\System32\svchost.exe[1636] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\System32\svchost.exe[1636] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001001d075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001001d03a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001001d0b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001001d0ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001001d163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001001d1284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4856] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010039075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003903a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100390b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100390ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010039163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000100070380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000100070410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000100070390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100391284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000100070370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000001000703e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000100070480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000001000703d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000001000703f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[6080] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2276] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010021075c .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001002103a4 .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100210b14 .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100210ecc .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010021163c .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100211284 .text C:\windows\system32\taskeng.exe[5592] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\taskeng.exe[5592] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6212] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6212] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6212] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6212] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6212] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6212] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[6212] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 00000001000b1014 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 00000001000b0804 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 00000001000b0a08 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 00000001000b0c0c .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 00000001000b0e10 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001000b01f8 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001000b03fc .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 00000001000b0600 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001000c01f8 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001000c03fc .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 00000001000c0804 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 00000001000c0600 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 00000001000c0a08 .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 00000001003a075c .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003a03a4 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070440 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070430 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 00000001003a0b14 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 00000001003a0ecc .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070450 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001003a163c .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000100070380 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000100070410 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000100070390 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 00000001003a1284 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703c0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070460 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000100070370 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703a0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000001000703e0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070470 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000100070480 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070420 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000001000703d0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000001000703f0 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070400 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\windows\notepad.exe[6192] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\notepad.exe[6192] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010027075c .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001002703a4 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780440 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780430 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100270b14 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100270ecc .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780450 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010027163c .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000077780380 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000077780410 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000077780390 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100271284 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803c0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780460 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000077780370 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803a0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000000777803e0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780470 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000077780480 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780420 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000000777803d0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000000777803f0 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780400 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\windows\notepad.exe[6512] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\notepad.exe[6512] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010039075c .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001003903a4 .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100390b14 .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100390ecc .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010039163c .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100391284 .text C:\windows\system32\notepad.exe[2088] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\notepad.exe[2088] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000775f3b10 5 bytes JMP 000000010023075c .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000775f7ac0 5 bytes JMP 00000001002303a4 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070440 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070430 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077621430 5 bytes JMP 0000000100230b14 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077621490 5 bytes JMP 0000000100230ecc .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070450 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000010023163c .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 0000000100070380 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077621700 5 bytes JMP 0000000100070410 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 0000000100070390 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000776217b0 5 bytes JMP 0000000100231284 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703c0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070460 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 0000000100070370 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 00000001000703e0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070470 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 0000000100070480 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070420 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 00000001000703d0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 00000001000703f0 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070400 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\notepad.exe[5692] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007740eecd 1 byte [62] .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4 .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c .text C:\windows\system32\notepad.exe[5692] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777cfac0 5 bytes JMP 0000000100030600 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777cfb58 5 bytes JMP 0000000100030804 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777cfcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777d0038 5 bytes JMP 0000000100030a08 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000777ec4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000777f1287 5 bytes JMP 00000001000303fc .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007536a2ba 1 byte [62] .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754e5181 5 bytes JMP 0000000100241014 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754e5254 5 bytes JMP 0000000100240804 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754e53d5 5 bytes JMP 0000000100240a08 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754e54c2 5 bytes JMP 0000000100240c0c .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754e55e2 5 bytes JMP 0000000100240e10 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754e567c 5 bytes JMP 00000001002401f8 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754e589f 5 bytes JMP 00000001002403fc .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754e5a22 5 bytes JMP 0000000100240600 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007553ee09 5 bytes JMP 00000001002501f8 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075543982 5 bytes JMP 00000001002503fc .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075547603 5 bytes JMP 0000000100250804 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007554835c 5 bytes JMP 0000000100250600 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007555cfca 5 bytes JMP 0000000174ad44c0 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007555f52b 5 bytes JMP 0000000100250a08 .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77] .text C:\Users\Paulina\Desktop\czslr0ut.exe[6016] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread [568:1056] 00000000754e7587 Thread [568:1060] 000000007503f28e Thread [568:1064] 000000007503f28e Thread [568:1068] 000000007503f28e Thread [568:1072] 000000007503f28e Thread [568:1076] 000000007503f28e Thread [568:1092] 0000000074e86b70 Thread [568:1148] 0000000074e86980 Thread [568:1164] 0000000077802e65 Thread [568:2528] 0000000074e86980 Thread [568:7164] 00000000748762ee Thread [568:5336] 0000000077803e85 Thread [568:1336] 0000000077803e85 Thread C:\windows\System32\svchost.exe [1636:4484] 000007fef0889688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532ed9c429 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532ed9c429 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\DkHyperbootSync 0 bytes ---- EOF - GMER 2.1 ----