GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-05 22:21:12 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000087 SAMSUNG_ rev.EXT4 238.47GB Running: 09vdb7ss.exe; Driver: C:\Users\ARKADI~1.NAW\AppData\Local\Temp\agqyipod.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\winlogon.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007705a230 6 bytes {JMP QWORD [RIP+0x9005e00]} .text C:\Windows\system32\svchost.exe[1128] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000770607b8 6 bytes {JMP QWORD [RIP+0x8fdf878]} .text C:\Windows\system32\svchost.exe[1128] C:\Windows\system32\USER32.dll!PeekMessageW 0000000077068fd4 6 bytes [68, 00, 00, F3, 00, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe[1344] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\WLANExt.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\conhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\spoolsv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe[1112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\DellTPad\HidMonitorSvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe[2024] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\dllhost.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\IProsetMonitor.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\taskhost.exe[2528] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\DellTPad\Apoint.exe[2540] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\Dwm.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2940] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\DellTPad\ApMsgFwd.exe[3104] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\DellTPad\HidFind.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\DellTPad\Apntex.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\conhost.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\UI0Detect.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\rundll32.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\dllhost.exe[4236] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\igfxtray.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\hkcmd.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\igfxsrvc.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\igfxpers.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\regsvr32.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[4948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\svchost.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000768a8769 6 bytes [68, 22, 00, A1, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71990000 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 716e000a .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075d3b185 6 bytes [68, 22, 00, 90, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 716a000a .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, 73, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\WS2_32.dll!WSAIoctl 0000000075e22fe7 6 bytes [68, 22, 00, 77, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\WS2_32.dll!connect 0000000075e268f5 5 bytes JMP 00000000718d0022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000075e2bcd5 5 bytes JMP 0000000071870022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\WS2_32.dll!WSAConnectByList 0000000075e3c07d 5 bytes JMP 00000000717f0022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\WS2_32.dll!WSAConnectByNameW 0000000075e3c5cf 5 bytes JMP 00000000717b0022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\CCleaner\CCleaner64.exe[5124] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\msdtc.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\wbem\unsecapp.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\wbem\wmiprvse.exe[5276] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\wbem\wmiprvse.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\wbem\unsecapp.exe[5960] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\SearchIndexer.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000768a8769 6 bytes [68, 22, 00, A1, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71990000 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 716a000a .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075d3b185 6 bytes [68, 22, 00, 90, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 7166000a .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, 6F, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\WS2_32.dll!WSAIoctl 0000000075e22fe7 6 bytes [68, 22, 00, 73, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\WS2_32.dll!connect 0000000075e268f5 5 bytes JMP 0000000071890022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000075e2bcd5 5 bytes JMP 00000000717f0022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\WS2_32.dll!WSAConnectByList 0000000075e3c07d 5 bytes JMP 00000000717b0022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\WS2_32.dll!WSAConnectByNameW 0000000075e3c5cf 5 bytes JMP 0000000071770022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5152] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc60 5 bytes JMP 0000000071950022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000768a8769 6 bytes [68, 22, 00, A1, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 719e0000 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 718a000a .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075d3b185 6 bytes [68, 22, 00, 98, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 7186000a .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, 8F, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\WS2_32.dll!WSAIoctl 0000000075e22fe7 6 bytes [68, 22, 00, 71, 71, C3] .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\WS2_32.dll!connect 0000000075e268f5 5 bytes JMP 0000000071810022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000075e2bcd5 5 bytes JMP 00000000717d0022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\WS2_32.dll!WSAConnectByList 0000000075e3c07d 5 bytes JMP 0000000071790022 .text C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe[6340] C:\Windows\syswow64\WS2_32.dll!WSAConnectByNameW 0000000075e3c5cf 5 bytes JMP 0000000071750022 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[6756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[6784] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[6964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe[7008] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\wbem\unsecapp.exe[7424] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\System32\rundll32.exe[8136] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Windows Media Player\wmpnetwk.exe[8736] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077176130 13 bytes {MOV R11, 0x7fee79e8c20; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000076f49020 13 bytes {MOV R11, 0x7fee232d71c; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007705a230 6 bytes {JMP QWORD [RIP+0x9005e00]} .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000770607b8 6 bytes {JMP QWORD [RIP+0x8fdf878]} .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\system32\USER32.dll!GetWindowInfo 0000000077068b24 13 bytes {MOV R11, 0x7fee3590ea0; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[8916] C:\Windows\system32\USER32.dll!PeekMessageW 0000000077068fd4 6 bytes [68, 00, 00, 63, 00, C3] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[8744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\CCM\CcmExec.exe[6932] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\wbem\wmiprvse.exe[9200] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\CCM\RemCtrl\CmRcService.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[8288] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\system32\wbem\wmiprvse.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 71ab0000 .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 71a6000a .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 71a2000a .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, AE, 71, C3] .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\CCM\SCNotification.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 000000007719be50 5 bytes JMP 0000000074b79cc1 .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 000000007719bf00 5 bytes JMP 0000000074b79b59 .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007719bfa0 5 bytes JMP 0000000074b79db1 .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007719bfb0 5 bytes JMP 0000000074b79c49 .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007719bff0 5 bytes JMP 0000000074b79e29 .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007719c060 5 bytes JMP 0000000074b79c85 .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007719c260 5 bytes JMP 0000000074b79e65 .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007719c280 5 bytes JMP 0000000074b79b1d .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007719c330 5 bytes JMP 0000000074b79ded .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007719c800 5 bytes JMP 0000000074b79b95 .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007719c880 5 bytes JMP 0000000074b79bd1 .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 000000007719c890 5 bytes JMP 0000000074b79d39 .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 000000007719c8c0 5 bytes JMP 0000000074b79c0d .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 000000007719cc80 5 bytes JMP 0000000074b79cfd .text C:\Windows\explorer.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 000000007719d110 5 bytes JMP 0000000074b79d75 .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007734fc60 5 bytes JMP 0000000071950022 .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000768a8769 6 bytes [68, 22, 00, A1, 71, C3] .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000076b42e0b 4 bytes CALL 719e0000 .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d38a29 6 bytes JMP 718a000a .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075d3b185 6 bytes [68, 22, 00, 98, 71, C3] .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075d3d23e 6 bytes JMP 7186000a .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075d405d2 6 bytes [68, 22, 00, 8F, 71, C3] .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077301401 2 bytes JMP 768cb233 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077301419 2 bytes JMP 768cb35e C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077301431 2 bytes JMP 76949149 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007730144a 2 bytes CALL 768a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773014dd 2 bytes JMP 76948a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773014f5 2 bytes JMP 76948c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007730150d 2 bytes JMP 76948938 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077301525 2 bytes JMP 76948d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007730153d 2 bytes JMP 768bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077301555 2 bytes JMP 768c6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007730156d 2 bytes JMP 76949201 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077301585 2 bytes JMP 76948d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007730159d 2 bytes JMP 769488fc C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773015b5 2 bytes JMP 768bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773015cd 2 bytes JMP 768cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773016b2 2 bytes JMP 769490c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\arkadiusz.nawrocki\Downloads\09vdb7ss.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773016bd 2 bytes JMP 76948891 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\System32\regsvr32.exe[ADVAPI32.dll!RegOpenKeyExW] [7feed7db6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\System32\regsvr32.exe[KERNEL32.dll!CreateFileW] [7feed7da42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\System32\regsvr32.exe[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7feed7da184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7feed7da42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7feed7da5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7feed7db6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7feed7db4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7feed7dbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7feed7da42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7feed7da184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7feed7da5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7feed7da42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.dll[KERNEL32.dll!CreateFileW] [7feed7da42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.dll[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7feed7da5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7feed7da42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7feed7dabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7feed7dab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7feed7da2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7feed7da184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7feed7da804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7feed7da6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\System32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7feed7dab04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7feed7da804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\System32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\System32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7feed7da890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7feed7da42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!CreateFileW] [7feed7da42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefccc4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[4604] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!RegDeleteValueW] [7feed7dbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!_unlock] [540046004f0053] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [45005200410057] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!_amsg_exit] [6f0073006f0072] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!_initterm] [57005c00740066] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!_XcptFilter] [6f0064006e0069] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!_callnewh] [4e002000730077] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!malloc] [750043005c0054] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!_CxxThrowException] [6e006500720072] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!free] [72006500560074] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!??0exception@@QEAA@AEBV0@@Z] [6e006f00690073] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!??1exception@@UEAA@XZ] [740065004e005c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!?what@exception@@UEBAPEBDXZ] [6b0072006f0077] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBDH@Z] [64007200610043] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!_ltow] [73] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!_lock] [76007200650053] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!_onexit] [4e006500630069] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!wcscpy_s] [65006d0061] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!memcpy] [64006400690048] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!memcmp] [6e0065] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!memset] [6c007400690054] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!toupper] [65] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!wcsstr] [44005200410048] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!_vsnwprintf] [45005200410057] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!_wcsicmp] [5600450044005c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!wcscat_s] [4d004500430049] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!__dllonexit] [53005c00500041] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[msvcrt.dll!__CxxFrameHandler3] [41004900520045] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[WS2_32.dll!GetNameInfoW] [200000000] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z] [7feefea93b0] C:\Windows\system32\tscfgwmi.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z] [7feefea9450] C:\Windows\system32\tscfgwmi.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?OnFinalRelease@CThreadBase@@MEAAXXZ] [5c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?SetDOUBLE@CInstance@@QEAA_NPEBGN@Z] [41bc1d3211388f26] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?SetCHString@CInstance@@QEAA_NPEBGPEBD@Z] [a444cff4403f90b3] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?SetCHString@CInstance@@QEAA_NPEBG0@Z] [47152da607fa6484] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?SetCharSplat@CInstance@@QEAA_NPEBG0@Z] [5f3c777da8ec1cb0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?SetWCHARSplat@CInstance@@QEAA_NPEBG0@Z] [4685bd2f7ee69fc1] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z] [64b14bac9ab415ba] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Format@CHString@@QEAAXPEBGZZ] [40bdd4154819a94d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?SetStringArray@CInstance@@QEAA_NPEBGAEBUtagSAFEARRAY@@@Z] [9267074e53d5afbb] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?SetDWORD@CInstance@@QEAA_NPEBGK@Z] [47d7ad2e00581c04] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?ReleaseBuffer@CHString@@QEAAXH@Z] [ed58d410700176b4] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ] [4462d211f22ee5e2] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetNamespaceConnection@CWbemProviderGlue@@SAPEAUIWbemServices@@PEBGPEAVMethodContext@@@Z] [84149cd8afdf4abc] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetBuffer@CHString@@QEAAPEAGH@Z] [492ea3b2d8beb79f] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?UnlockBuffer@CHString@@QEAAXXZ] [da6d7e6d15882ca6] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?LockBuffer@CHString@@QEAAPEAGXZ] [41a0e6e67fb534c6] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?FindOneOf@CHString@@QEBAHPEBG@Z] [9b00f1d80f2b99b2] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetStringArray@CInstance@@QEBA_NPEBGAEAPEAUtagSAFEARRAY@@@Z] [41c4adc54521a0fb] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?SetStatusObject@MethodContext@@QEAA_NPEAUIWbemClassObject@@@Z] [339a702624609589] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z] [4b45fc05b738eec7] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Add@CHStringArray@@QEAAHPEBG@Z] [de9692d3eadd2b8a] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z] [406b2cd9366fd4a7] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z] [10b70dc6485b548e] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?RemoveAll@CHPtrArray@@QEAAXXZ] [451e2528f6a00091] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??ACHPtrArray@@QEAAAEAPEAXH@Z] [43ded152a5436794] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetAt@CHPtrArray@@QEBAPEAXH@Z] [41438182f4eb86db] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetSize@CHPtrArray@@QEBAHXZ] [8627a78d210931b3] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Add@CHPtrArray@@QEAAHPEAX@Z] [4018687d5671a346] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??1CHPtrArray@@QEAA@XZ] [5bf7a66a4d775f81] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??0CHPtrArray@@QEAA@XZ] [4f003bbd5dae73a6] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z] [6a8e479f4b4fc7a5] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z] [47f9978b1d25b53e] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Getbool@CInstance@@QEBA_NPEBGAEA_N@Z] [f31a8c55b22ea9a5] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z] [468d6b32680b49b5] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Empty@CHString@@QEAAXXZ] [c0b815c8266ecbb1] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z] [41a5bbd8ee962e77] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??0CHString@@QEAA@XZ] [6f42214593cb4b81] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z] [11cee3254d36e96d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??1CHStringArray@@QEAA@XZ] [1803e12b0008c1bf] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??0CHStringArray@@QEAA@XZ] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?IsPropertyRequired@CFrameworkQuery@@QEAA_NPEBG@Z] [4c004900540055] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Release@CInstance@@QEAAJXZ] [2e004c004c0044] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Commit@CInstance@@QEAAJXZ] [4c004c0044] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z] [200020] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??1Provider@@UEAA@XZ] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??0Provider@@QEAA@PEBG0@Z] [54005300590053] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?SetVariant@CInstance@@QEAA_NPEBGAEBUtagVARIANT@@@Z] [43005c004d0045] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?s_strComputerName@Provider@@0VCHString@@A] [65007200720075] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??0CHString@@QEAA@AEBV0@@Z] [6f00430074006e] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Compare@CHString@@QEBAHPEBG@Z] [6f00720074006e] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBG@Z] [7400650053006c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Release@CThreadBase@@QEAAJXZ] [7200650053005c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBG@Z] [65006300690076] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Destroy@CWbemGlueFactory@@QEAAXXZ] [73] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Create@CWbemGlueFactory@@SAPEAV1@XZ] [25005c00730025] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??0CHString@@QEAA@PEBG@Z] [69004c005c0073] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??1CHString@@QEAA@XZ] [670061006b006e] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Flush@Provider@@MEAAXXZ] [65] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?ValidateEnumerationFlags@Provider@@MEAAJJ@Z] [740075006f0052] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?ValidateGetObjFlags@Provider@@MEAAJJ@Z] [65] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?ValidateMethodFlags@Provider@@MEAAJJ@Z] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetClassObjectInterface@CInstance@@QEAAPEAUIWbemClassObject@@XZ] [54005300590053] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?AddRef@CInstance@@QEAAJXZ] [43005c004d0045] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z] [65007200720075] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z] [6f00430074006e] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z] [6f00720074006e] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z] [7400650053006c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??1CObjectPathParser@@QEAA@XZ] [7200650053005c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z] [65006300690076] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z] [65004e005c0073] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z] [4f004900420074] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z] [69004c005c0053] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z] [670061006b006e] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?ValidateQueryFlags@Provider@@MEAAJJ@Z] [65] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?ValidateDeletionFlags@Provider@@MEAAJJ@Z] [61006e0061004c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?ValidatePutInstanceFlags@Provider@@MEAAJJ@Z] [700061004d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??ACHStringArray@@QEBA?AVCHString@@H@Z] [3d002000730025] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?IsEmpty@CHString@@QEBAHXZ] [7300250020003e] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetLength@CHString@@QEBAHXZ] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??YCHString@@QEAAAEBV0@PEBG@Z] [25005c00730025] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??1CThreadBase@@UEAA@XZ] [73] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?GetInstanceByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z] [70007300690044] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!?EnumerateInstances@Provider@@MEAAJPEAVMethodContext@@J@Z] [4e00790061006c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[framedynos.dll!??4CHString@@QEAAAEBV0@PEBG@Z] [65006d0061] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ntdll.dll!RtlVirtualUnwind] [4d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ntdll.dll!RtlLookupFunctionEntry] [2d002000730025] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ntdll.dll!RtlCaptureContext] [7300250020] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[IPHLPAPI.DLL!GetAdaptersAddresses] [76f3bce0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!SystemTimeToFileTime] [76f40d10] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!RaiseException] [76f44ff0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!UnhandledExceptionFilter] [76f43360] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetCurrentProcess] [76f51760] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!TerminateProcess] [76f51780] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [76f52020] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetCurrentProcessId] [76f37830] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetCurrentThreadId] [76f3ae40] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetTickCount] [76f43c60] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!QueryPerformanceCounter] [76f33ef0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!Sleep] [76f40dd0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!ExpandEnvironmentStringsW] [76f51910] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!LocalReAlloc] [76f3a6c0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GlobalFree] [76f43c40] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetACP] [76fafe70] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GlobalAlloc] [76f51520] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!lstrcmpW] [76f459a0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetProcAddress] [76f514b0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetLastError] [76f7c140] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!LoadLibraryW] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!lstrcmpiW] [7fefc2a1010] C:\Windows\system32\netutils.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!LocalAlloc] [7fefafd2210] C:\Windows\system32\SAMCLI.DLL IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!LocalFree] [7fefc4bcd4c] C:\Windows\system32\LOGONCLI.DLL IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!DisableThreadLibraryCalls] [7fee8ba2cd0] C:\Windows\system32\BROWCLI.DLL IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetModuleFileNameW] [7fefc8d1968] C:\Windows\system32\srvcli.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetVersionExW] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!FreeLibrary] [7fefeea96b0] C:\Windows\system32\SETUPAPI.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetModuleHandleExW] [7fefee94be0] C:\Windows\system32\SETUPAPI.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!lstrlenW] [7fefee94960] C:\Windows\system32\SETUPAPI.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [770c1360] C:\Windows\system32\USER32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!MultiByteToWideChar] [7705c850] C:\Windows\system32\USER32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[KERNEL32.dll!GetSystemTime] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ole32.dll!StringFromGUID2] [6d00650064] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ole32.dll!CoGetClassObject] [6f006d00640063] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ole32.dll!CoTaskMemFree] [2e006d00650064] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ole32.dll!CoCreateInstance] [6c006c0064] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ole32.dll!CoSetProxyBlanket] [7800750061] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ole32.dll!CoImpersonateClient] [740070006c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ole32.dll!CoRevertToSelf] [6e00720070] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!RegSetValueExW] [7fefe69d654] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!RegCreateKeyExW] [7fefe69da78] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!RegCloseKey] [7fefe693b8c] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!RegCreateKeyW] [7fefe69e9b0] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!RegOpenKeyW] [7fefe6a4070] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!RegDeleteKeyW] [7fefe69e700] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!RegOpenKeyExW] [7fefe69d6c0] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!RegDeleteValueW] [7fefe69dae8] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!RegQueryValueExW] [7fefe69fda0] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!AllocateAndInitializeSid] [7fefe6a4010] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!LookupAccountSidW] [7fefe690520] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!FreeSid] [7fefe6a4250] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!ConvertStringSidToSidW] [7fefe69e760] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!RegEnumKeyExW] [7fefe6901b0] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!LookupAccountNameW] [7fefe6a4220] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!ConvertSecurityDescriptorToStringSecurityDescriptorW] [7fefe69fe10] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!ConvertStringSecurityDescriptorToSecurityDescriptorW] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!CreateWellKnownSid] [76f49020] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[ADVAPI32.dll!EqualSid] [76fcbab0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[WINSTA.dll!ServerLicensingGetPolicyInformationW] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[WINSTA.dll!ServerLicensingGetPolicy] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[WINSTA.dll!ServerLicensingGetAvailablePolicyIds] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[WINSTA.dll!ServerLicensingClose] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[WINSTA.dll!ServerLicensingSetPolicy] [7feefea616c] C:\Windows\system32\tscfgwmi.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[WINSTA.dll!ServerLicensingOpenW] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CertGetNameStringW] [76f433e0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CryptDecodeObject] [76f44ef0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CertOpenStore] [76f43380] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CertGetEnhancedKeyUsage] [76f3b2f0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CertFindExtension] [76fafce0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CertFreeCertificateContext] [76f45ac0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CertAddCertificateContextToStore] [76f51ef0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CertFindCertificateInStore] [76fafb50] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CertCloseStore] [76f520c0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CertGetCertificateContextProperty] [76f377b0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CertEnumCertificatesInStore] [76f51f80] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\tscfgwmi.dll[CRYPT32.dll!CertSaveStore] [76f46420] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!_vsnwprintf] [245c8948cccccccc] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!memcpy_s] [5541544157565518] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!swprintf_s] [10ec814857415641] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!RtlVirtualUnwind] [deb6058b48000004] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!RtlLookupFunctionEntry] [848948c433480000] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!RtlEnterCriticalSection] [e98b4c0000040024] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!RtlLeaveCriticalSection] [8d48ff3345f28b4c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!RtlInitializeCriticalSection] [d233000001f2248c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!wcscat_s] [8b4100000206b841] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!RtlAllocateAndInitializeSid] [1f024bc894466df] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!wcscpy_s] [41000066f1e80000] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!wcsstr] [5024548d48026f8d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!wcsrchr] [ffcd8b40247c8944] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!NtQueryVolumeInformationFile] [c73b41fffe009315] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!_wcslwr] [48c933450000018d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!vswprintf_s] [41c033454024448d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!strstr] [448948c9332e798d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!RtlFreeSid] [64b7e8d78b2024] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!_wcsnicmp] [3b4540245c8b4400] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!_wcsicmp] [80041009bb0a75df] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!RtlCaptureContext] [d38b4900000154e9] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!memcpy] [4515ff00000040b9] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!memset] [3b49e08b4cfffdfe] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ntdll.dll!__chkstk] [80041006bb0a75c7] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[msvcrt.dll!fwprintf] [48fffffffe202444] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[msvcrt.dll!free] [8b48da8b48245c89] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[msvcrt.dll!malloc] [fffe59a8058d48f9] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[msvcrt.dll!_XcptFilter] [535e058d48018948] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[msvcrt.dll!_initterm] [b515ff018948fffe] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[msvcrt.dll!_amsg_exit] [87401c3f6fffe02] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[msvcrt.dll!_iob] [48245c8b48c78b48] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [c472e53b45c4ff41] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!UnhandledExceptionFilter] [246c8b4c58668d4d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetCurrentProcess] [8d4d000000a0e938] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [4838246c8b4c5866] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetCurrentProcessId] [49000000a824948b] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetCurrentThreadId] [fffe046815ffce8b] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetDateFormatW] [840fc08548e88b48] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetDefaultCommConfigW] [6948de8b00000088] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!FreeLibrary] [4c8b4800000254db] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!SystemTimeToFileTime] [8d480b148d482824] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!SetDefaultCommConfigW] [fe049f15ff40244c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetModuleHandleW] [d48b49c08b4c90ff] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GlobalAlloc] [fe030715ffcd8b48] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!WideCharToMultiByte] [ff40244c8d4890ff] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!LoadLibraryW] [1e8b4dfffe048b15] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!FormatMessageW] [c8d4c2824448b48] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetTimeFormatW] [49d58b48c58b4d03] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!FileTimeToSystemTime] [8093ff41ce8b] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!CreateFileW] [480b78c085f88b00] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!MultiByteToWideChar] [fffe03f015ffcd8b] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!lstrlenW] [dd15ffcd8b48f88b] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetLastError] [668d4d09ebfffe03] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!SetLastError] [c6ff38246c8b4c58] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetProcAddress] [fede820f2024743b] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GlobalFree] [41006bf05ebffff] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetLocalTime] [854828244c8b4880] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!LocalAlloc] [fe062715ff0774c9] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!QueryDosDeviceW] [ff48244c8d4890ff] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!lstrcmpiW] [4cc78bfffe038b15] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!CloseHandle] [305b8b4970245c8d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!FileTimeToLocalFileTime] [48738b49406b8b49] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!LocalFree] [415e415f41e38b49] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!CommConfigDialogW] [ccccccc35f5c415d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!Sleep] [244c8948cccccccc] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!QueryPerformanceCounter] [c74830ec83485708] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!GetTickCount] [48fffffffe202444] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[KERNEL32.dll!TerminateProcess] [4cd98b4848245c89] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!GetLengthSid] [fc085f88b4052ff] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!EqualSid] [7c83480000014488] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!CopySid] [149840f002824] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!LsaOpenPolicy] [7439fb634cf63300] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!RegQueryValueExA] [129860f2024] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!RegQueryValueExW] [121880fff85] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!RegOpenKeyExA] [48ee8b7275ff854d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!LookupAccountSidW] [34800000254ed69] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!LsaClose] [50246c8b4428246c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!RegEnumValueW] [840fed8545e43345] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!LsaFreeMemory] [48c48b45000000e1] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!RegCloseKey] [244c8d486024548d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!RegEnumKeyExW] [90fffe05c115ff48] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!CheckTokenMembership] [15ff088b48d58b48] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!RegOpenKeyExW] [940fc085fffe06bc] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[ADVAPI32.dll!LsaQueryInformationPolicy] [15ff60244c8d48c3] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[WINSTA.dll!WinStationQueryInformationW] [244c8948cccccccc] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[USER32.dll!LoadCursorW] [8d4c000001588b8d] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[USER32.dll!LoadStringW] [d78b48fffe4f5305] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[USER32.dll!MessageBoxW] [8b4890fffe9627e8] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[USER32.dll!SetCursor] [834848245c8b48c3] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[SETUPAPI.dll!SetupDiSetClassInstallParamsW] [80bffffe4f5c] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[SETUPAPI.dll!SetupDiDestroyDeviceInfoList] [fe9653e8d78b4800] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[SETUPAPI.dll!SetupDiCreateDeviceInfoList] [1d88b8d48ff] IAT C:\Windows\system32\wbem\wmiprvse.exe[5276] @ C:\Windows\system32\UTILDLL.dll[SETUPAPI.dll!SetupDiCallClassInstaller] [48fffe3bf9058d4c] ---- Threads - GMER 2.2 ---- Thread C:\Windows\SysWOW64\regsvr32.exe [4692:4672] 000000006c9dab02 Thread C:\Windows\SysWOW64\regsvr32.exe [4948:4372] 0000000000422f10 Thread C:\Windows\SysWOW64\regsvr32.exe [4948:4596] 0000000000422f10 Thread C:\Windows\SysWOW64\regsvr32.exe [4948:4704] 0000000000422f10 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----