GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-13 16:09:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB
Running: gmer.exe; Driver: C:\Users\Armyt\AppData\Local\Temp\fglorpob.sys


---- User code sections - GMER 2.0 ----

.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                  00000000771913c0 5 bytes JMP 0000000100120440
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                           0000000077191410 5 bytes JMP 0000000100120430
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                00000000771915c0 1 byte JMP 0000000100120450
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                            00000000771915c2 3 bytes {JMP 0xffffffff88f8ee90}
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                      00000000771915d0 5 bytes JMP 00000001001203b0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                           0000000077191680 5 bytes JMP 0000000100120320
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                    00000000771916b0 5 bytes JMP 0000000100120380
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                             0000000077191710 5 bytes JMP 00000001001202e0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                        0000000077191760 5 bytes JMP 0000000100120410
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                           0000000077191790 5 bytes JMP 00000001001202d0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                         00000000771917b0 5 bytes JMP 0000000100120310
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                          00000000771917f0 5 bytes JMP 0000000100120390
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                       0000000077191840 5 bytes JMP 00000001001203c0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                          00000000771919a0 1 byte JMP 0000000100120230
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                      00000000771919a2 3 bytes {JMP 0xffffffff88f8e890}
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                               0000000077191b60 5 bytes JMP 0000000100120460
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                              0000000077191b90 5 bytes JMP 0000000100120370
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                       0000000077191c70 5 bytes JMP 00000001001202f0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                    0000000077191c80 5 bytes JMP 0000000100120350
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                          0000000077191ce0 5 bytes JMP 0000000100120290
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                       0000000077191d70 5 bytes JMP 00000001001202b0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                        0000000077191d90 5 bytes JMP 00000001001203a0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                           0000000077191da0 1 byte JMP 0000000100120330
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                       0000000077191da2 3 bytes {JMP 0xffffffff88f8e590}
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                    0000000077191e10 5 bytes JMP 00000001001203e0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                       0000000077191e40 5 bytes JMP 0000000100120240
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                            0000000077192100 5 bytes JMP 00000001001201e0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                       00000000771921c0 1 byte JMP 0000000100120250
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                   00000000771921c2 3 bytes {JMP 0xffffffff88f8e090}
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                       00000000771921f0 5 bytes JMP 0000000100120470
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                              0000000077192200 5 bytes JMP 0000000100120480
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                         0000000077192230 5 bytes JMP 0000000100120300
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                      0000000077192240 5 bytes JMP 0000000100120360
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                            00000000771922a0 5 bytes JMP 00000001001202a0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                         00000000771922f0 5 bytes JMP 00000001001202c0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                             0000000077192330 5 bytes JMP 0000000100120340
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                      0000000077192620 5 bytes JMP 0000000100120420
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                     0000000077192820 5 bytes JMP 0000000100120260
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                        0000000077192830 5 bytes JMP 0000000100120270
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                      0000000077192840 1 byte JMP 00000001001203d0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                  0000000077192842 3 bytes {JMP 0xffffffff88f8db90}
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                  0000000077192a00 5 bytes JMP 00000001001201f0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                   0000000077192a10 5 bytes JMP 0000000100120210
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                        0000000077192a80 5 bytes JMP 0000000100120200
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                        0000000077192ae0 5 bytes JMP 00000001001203f0
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                         0000000077192af0 5 bytes JMP 0000000100120400
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                    0000000077192b00 5 bytes JMP 0000000100120220
.text    C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                            0000000077192be0 5 bytes JMP 0000000100120280
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                          00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                           0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                      0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                         0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                        00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                    00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                            0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                     0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                  0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                        0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                     0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                         0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                     0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                  0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                     0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                     00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                 00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                     00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                       0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                    0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                          00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                       00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                           0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                    0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                   0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                      0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                 0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                      0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                       0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                          0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\wininit.exe[648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                               000000007707eecd 1 byte [62]
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                  00000000771913c0 5 bytes JMP 0000000100120440
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                           0000000077191410 5 bytes JMP 0000000100120430
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                00000000771915c0 1 byte JMP 0000000100120450
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                            00000000771915c2 3 bytes {JMP 0xffffffff88f8ee90}
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                      00000000771915d0 5 bytes JMP 00000001001203b0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                           0000000077191680 5 bytes JMP 0000000100120320
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                    00000000771916b0 5 bytes JMP 0000000100120380
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                             0000000077191710 5 bytes JMP 00000001001202e0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                        0000000077191760 5 bytes JMP 0000000100120410
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                           0000000077191790 5 bytes JMP 00000001001202d0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                         00000000771917b0 5 bytes JMP 0000000100120310
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                          00000000771917f0 5 bytes JMP 0000000100120390
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                       0000000077191840 5 bytes JMP 00000001001203c0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                          00000000771919a0 1 byte JMP 0000000100120230
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                      00000000771919a2 3 bytes {JMP 0xffffffff88f8e890}
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                               0000000077191b60 5 bytes JMP 0000000100120460
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                              0000000077191b90 5 bytes JMP 0000000100120370
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                       0000000077191c70 5 bytes JMP 00000001001202f0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                    0000000077191c80 5 bytes JMP 0000000100120350
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                          0000000077191ce0 5 bytes JMP 0000000100120290
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                       0000000077191d70 5 bytes JMP 00000001001202b0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                        0000000077191d90 5 bytes JMP 00000001001203a0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                           0000000077191da0 1 byte JMP 0000000100120330
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                       0000000077191da2 3 bytes {JMP 0xffffffff88f8e590}
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                    0000000077191e10 5 bytes JMP 00000001001203e0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                       0000000077191e40 5 bytes JMP 0000000100120240
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                            0000000077192100 5 bytes JMP 00000001001201e0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                       00000000771921c0 1 byte JMP 0000000100120250
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                   00000000771921c2 3 bytes {JMP 0xffffffff88f8e090}
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                       00000000771921f0 5 bytes JMP 0000000100120470
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                              0000000077192200 5 bytes JMP 0000000100120480
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                         0000000077192230 5 bytes JMP 0000000100120300
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                      0000000077192240 5 bytes JMP 0000000100120360
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                            00000000771922a0 5 bytes JMP 00000001001202a0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                         00000000771922f0 5 bytes JMP 00000001001202c0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                             0000000077192330 5 bytes JMP 0000000100120340
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                      0000000077192620 5 bytes JMP 0000000100120420
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                     0000000077192820 5 bytes JMP 0000000100120260
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                        0000000077192830 5 bytes JMP 0000000100120270
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                      0000000077192840 1 byte JMP 00000001001203d0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                  0000000077192842 3 bytes {JMP 0xffffffff88f8db90}
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                  0000000077192a00 5 bytes JMP 00000001001201f0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                   0000000077192a10 5 bytes JMP 0000000100120210
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                        0000000077192a80 5 bytes JMP 0000000100120200
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                        0000000077192ae0 5 bytes JMP 00000001001203f0
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                         0000000077192af0 5 bytes JMP 0000000100120400
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                    0000000077192b00 5 bytes JMP 0000000100120220
.text    C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                            0000000077192be0 5 bytes JMP 0000000100120280
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                         00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                   00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                    0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                               0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\services.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\services.exe[708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007707eecd 1 byte [62]
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                  00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                           0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                            00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                      00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                           0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                    00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                             0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                        0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                           0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                         00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                          00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                       0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                          00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                      00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                               0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                              0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                       0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                    0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                          0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                       0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                        0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                           0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                       0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                    0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                       0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                            0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                       00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                   00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                       00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                              0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                         0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                      0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                            00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                         00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                             0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                      0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                     0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                        0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                      0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                  0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                  0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                   0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                        0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                        0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                         0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                    0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                            0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                    00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                             0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                  00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                              00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                        00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                             0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                      00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                               0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                          0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                             0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                           00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                            00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                         0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                            00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                        00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                 0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                         0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                      0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                            0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                         0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                          0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                             0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                         0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                      0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                         0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                              0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                         00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                     00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                         00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                           0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                        0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                              00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                           00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                               0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                        0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                       0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                          0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                        0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                    0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                    0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                     0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                          0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                          0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                           0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                      0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\lsm.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                              0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               00000000771913c0 5 bytes JMP 0000000100040440
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077191410 5 bytes JMP 0000000100040430
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             00000000771915c0 1 byte JMP 0000000100040450
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                         00000000771915c2 3 bytes {JMP 0xffffffff88eaee90}
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   00000000771915d0 5 bytes JMP 00000001000403b0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077191680 5 bytes JMP 0000000100040320
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 00000000771916b0 5 bytes JMP 0000000100040380
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077191710 5 bytes JMP 00000001000402e0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077191760 5 bytes JMP 0000000100040410
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077191790 5 bytes JMP 00000001000402d0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      00000000771917b0 5 bytes JMP 0000000100040310
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       00000000771917f0 5 bytes JMP 0000000100040390
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077191840 5 bytes JMP 00000001000403c0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       00000000771919a0 1 byte JMP 0000000100040230
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                   00000000771919a2 3 bytes {JMP 0xffffffff88eae890}
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077191b60 5 bytes JMP 0000000100040460
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077191b90 5 bytes JMP 0000000100040370
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077191c70 5 bytes JMP 00000001000402f0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077191c80 5 bytes JMP 0000000100040350
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077191ce0 5 bytes JMP 0000000100040290
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077191d70 5 bytes JMP 00000001000402b0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077191d90 5 bytes JMP 00000001000403a0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077191da0 1 byte JMP 0000000100040330
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                    0000000077191da2 3 bytes {JMP 0xffffffff88eae590}
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077191e10 5 bytes JMP 00000001000403e0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077191e40 5 bytes JMP 0000000100040240
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077192100 5 bytes JMP 00000001000401e0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    00000000771921c0 1 byte JMP 0000000100040250
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                00000000771921c2 3 bytes {JMP 0xffffffff88eae090}
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    00000000771921f0 5 bytes JMP 0000000100040470
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077192200 5 bytes JMP 0000000100040480
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077192230 5 bytes JMP 0000000100040300
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077192240 5 bytes JMP 0000000100040360
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         00000000771922a0 5 bytes JMP 00000001000402a0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      00000000771922f0 5 bytes JMP 00000001000402c0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077192330 5 bytes JMP 0000000100040340
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077192620 5 bytes JMP 0000000100040420
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077192820 5 bytes JMP 0000000100040260
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077192830 5 bytes JMP 0000000100040270
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077192840 1 byte JMP 00000001000403d0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                               0000000077192842 3 bytes {JMP 0xffffffff88eadb90}
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077192a00 5 bytes JMP 00000001000401f0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077192a10 5 bytes JMP 0000000100040210
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077192a80 5 bytes JMP 0000000100040200
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077192ae0 5 bytes JMP 00000001000403f0
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077192af0 5 bytes JMP 0000000100040400
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077192b00 5 bytes JMP 0000000100040220
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077192be0 5 bytes JMP 0000000100040280
.text    C:\Windows\system32\winlogon.exe[824] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007707eecd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                00000000771913c0 5 bytes JMP 0000000100070440
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         0000000077191410 5 bytes JMP 0000000100070430
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              00000000771915c0 1 byte JMP 0000000100070450
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                          00000000771915c2 3 bytes {JMP 0xffffffff88edee90}
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    00000000771915d0 5 bytes JMP 00000001000703b0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077191680 5 bytes JMP 0000000100070320
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  00000000771916b0 5 bytes JMP 0000000100070380
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                           0000000077191710 5 bytes JMP 00000001000702e0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                      0000000077191760 5 bytes JMP 0000000100070410
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                         0000000077191790 5 bytes JMP 00000001000702d0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       00000000771917b0 5 bytes JMP 0000000100070310
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        00000000771917f0 5 bytes JMP 0000000100070390
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077191840 5 bytes JMP 00000001000703c0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                        00000000771919a0 1 byte JMP 0000000100070230
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                    00000000771919a2 3 bytes {JMP 0xffffffff88ede890}
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077191b60 5 bytes JMP 0000000100070460
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                            0000000077191b90 5 bytes JMP 0000000100070370
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                     0000000077191c70 5 bytes JMP 00000001000702f0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                  0000000077191c80 5 bytes JMP 0000000100070350
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                        0000000077191ce0 5 bytes JMP 0000000100070290
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                     0000000077191d70 5 bytes JMP 00000001000702b0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077191d90 5 bytes JMP 00000001000703a0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                         0000000077191da0 1 byte JMP 0000000100070330
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                     0000000077191da2 3 bytes {JMP 0xffffffff88ede590}
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                  0000000077191e10 5 bytes JMP 00000001000703e0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                     0000000077191e40 5 bytes JMP 0000000100070240
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077192100 5 bytes JMP 00000001000701e0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                     00000000771921c0 1 byte JMP 0000000100070250
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                 00000000771921c2 3 bytes {JMP 0xffffffff88ede090}
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                     00000000771921f0 5 bytes JMP 0000000100070470
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077192200 5 bytes JMP 0000000100070480
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                       0000000077192230 5 bytes JMP 0000000100070300
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                    0000000077192240 5 bytes JMP 0000000100070360
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                          00000000771922a0 5 bytes JMP 00000001000702a0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                       00000000771922f0 5 bytes JMP 00000001000702c0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                           0000000077192330 5 bytes JMP 0000000100070340
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                    0000000077192620 5 bytes JMP 0000000100070420
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                   0000000077192820 5 bytes JMP 0000000100070260
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                      0000000077192830 5 bytes JMP 0000000100070270
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    0000000077192840 1 byte JMP 00000001000703d0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                0000000077192842 3 bytes {JMP 0xffffffff88eddb90}
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077192a00 5 bytes JMP 00000001000701f0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                 0000000077192a10 5 bytes JMP 0000000100070210
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077192a80 5 bytes JMP 0000000100070200
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                      0000000077192ae0 5 bytes JMP 00000001000703f0
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                       0000000077192af0 5 bytes JMP 0000000100070400
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077192b00 5 bytes JMP 0000000100070220
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                          0000000077192be0 5 bytes JMP 0000000100070280
.text    C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                               000000007707eecd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                          00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                           0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                      0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                         0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                        00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                    00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                            0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                     0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                  0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                        0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                     0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                         0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                     0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                  0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                     0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                     00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                 00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                     00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                       0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                    0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                          00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                       00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                           0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                    0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                   0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                      0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                 0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                      0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                       0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                          0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\atiesrxx.exe[484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007707eecd 1 byte [62]
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                          00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                           0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                      0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                         0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                        00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                    00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                            0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                     0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                  0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                        0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                     0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                         0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                     0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                  0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                     0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                     00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                 00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                     00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                       0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                    0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                          00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                       00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                           0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                    0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                   0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                      0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                 0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                      0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                       0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                          0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\System32\svchost.exe[512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                               000000007707eecd 1 byte [62]
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                          00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                           0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                      0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                         0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                        00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                    00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                            0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                     0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                  0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                        0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                     0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                         0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                     0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                  0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                     0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                     00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                 00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                     00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                       0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                    0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                          00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                       00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                           0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                    0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                   0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                      0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                 0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                      0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                       0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                          0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\System32\svchost.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                               000000007707eecd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                         00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                   00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                    0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                               0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\svchost.exe[1060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007707eecd 1 byte [62]
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                         00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                  0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                       00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                   00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                             00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                  0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                           00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                    0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                               0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                  0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                 00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                              0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                 00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                             00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                      0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                     0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                              0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                           0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                 0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                              0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                               0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                  0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                              0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                           0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                              0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                   0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                              00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                          00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                              00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                     0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                             0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                   00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                    0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                             0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                            0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                               0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                             0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                         0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                         0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                          0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                               0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                               0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                           0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                   0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Program Files\IDT\WDM\STacSV64.exe[1108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                        000000007707eecd 1 byte [62]
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                         00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                   00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                    0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                               0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\AUDIODG.EXE[1196] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007707eecd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                         00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                   00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                    0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                               0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\svchost.exe[1312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007707eecd 1 byte [62]
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                              00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                       0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                            00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                        00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                  00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                       0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                         0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                    0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                       0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                     00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                      00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                   0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                      00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                  00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                           0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                          0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                   0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                      0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                   0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                       0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                   0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                   0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                        0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                   00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                               00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                   00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                          0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                     0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                  0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                        00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                     00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                         0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                  0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                 0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                    0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                  0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                              0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                              0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                               0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                    0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                    0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                     0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\atieclxx.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                        0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                         00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                   00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                    0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                               0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\svchost.exe[1512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007707eecd 1 byte [62]
.text    C:\Program Files\AVAST Software\Avast\afwServ.exe[1768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                            0000000074e3a30a 1 byte [62]
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               00000000771913c0 5 bytes JMP 0000000100070440
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077191410 5 bytes JMP 0000000100070430
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             00000000771915c0 1 byte JMP 0000000100070450
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                         00000000771915c2 3 bytes {JMP 0xffffffff88edee90}
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   00000000771915d0 5 bytes JMP 00000001000703b0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077191680 5 bytes JMP 0000000100070320
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 00000000771916b0 5 bytes JMP 0000000100070380
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077191710 5 bytes JMP 00000001000702e0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077191760 5 bytes JMP 0000000100070410
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077191790 5 bytes JMP 00000001000702d0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      00000000771917b0 5 bytes JMP 0000000100070310
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       00000000771917f0 5 bytes JMP 0000000100070390
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077191840 5 bytes JMP 00000001000703c0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       00000000771919a0 1 byte JMP 0000000100070230
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                   00000000771919a2 3 bytes {JMP 0xffffffff88ede890}
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077191b60 5 bytes JMP 0000000100070460
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077191b90 5 bytes JMP 0000000100070370
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077191c70 5 bytes JMP 00000001000702f0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077191c80 5 bytes JMP 0000000100070350
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077191ce0 5 bytes JMP 0000000100070290
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077191d70 5 bytes JMP 00000001000702b0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077191d90 5 bytes JMP 00000001000703a0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077191da0 1 byte JMP 0000000100070330
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                    0000000077191da2 3 bytes {JMP 0xffffffff88ede590}
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077191e10 5 bytes JMP 00000001000703e0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077191e40 5 bytes JMP 0000000100070240
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077192100 5 bytes JMP 00000001000701e0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    00000000771921c0 1 byte JMP 0000000100070250
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                00000000771921c2 3 bytes {JMP 0xffffffff88ede090}
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    00000000771921f0 5 bytes JMP 0000000100070470
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077192200 5 bytes JMP 0000000100070480
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077192230 5 bytes JMP 0000000100070300
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077192240 5 bytes JMP 0000000100070360
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         00000000771922a0 5 bytes JMP 00000001000702a0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      00000000771922f0 5 bytes JMP 00000001000702c0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077192330 5 bytes JMP 0000000100070340
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077192620 5 bytes JMP 0000000100070420
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077192820 5 bytes JMP 0000000100070260
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077192830 5 bytes JMP 0000000100070270
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077192840 1 byte JMP 00000001000703d0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                               0000000077192842 3 bytes {JMP 0xffffffff88eddb90}
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077192a00 5 bytes JMP 00000001000701f0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077192a10 5 bytes JMP 0000000100070210
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077192a80 5 bytes JMP 0000000100070200
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077192ae0 5 bytes JMP 00000001000703f0
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077192af0 5 bytes JMP 0000000100070400
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077192b00 5 bytes JMP 0000000100070220
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077192be0 5 bytes JMP 0000000100070280
.text    C:\Windows\System32\spoolsv.exe[1928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007707eecd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                         00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                   00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                    0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                               0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\svchost.exe[1968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007707eecd 1 byte [62]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[1624] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                0000000074e3a30a 1 byte [62]
.text    C:\Program Files (x86)\PDF Complete\pdfsvc.exe[1876] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                               0000000074e3a30a 1 byte [62]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                             0000000074e3a30a 1 byte [62]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                                         00000000730217fa 2 bytes [02, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                                     0000000073021860 2 bytes [02, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                                   0000000073021942 2 bytes [02, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                                  000000007302194d 2 bytes [02, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                           0000000074f71401 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                             0000000074f71419 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                           0000000074f71431 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                           0000000074f7144a 2 bytes [F7, 74]
.text    ...                                                                                                                                                                      * 9
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                              0000000074f714dd 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                       0000000074f714f5 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                              0000000074f7150d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                       0000000074f71525 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                             0000000074f7153d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                  0000000074f71555 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                           0000000074f7156d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                             0000000074f71585 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                0000000074f7159d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                             0000000074f715b5 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                           0000000074f715cd 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                       0000000074f716b2 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                       0000000074f716bd 2 bytes [F7, 74]
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                         00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   00000000771915d0 5 bytes JMP 00000000772f03b0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                   00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                    0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                               0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\System32\svchost.exe[2224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              000000007707eecd 1 byte [62]
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                     0000000077163ae0 5 bytes JMP 00000001002d075c
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                       0000000077167a90 5 bytes JMP 00000001002d03a4
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                           00000000771913c0 5 bytes JMP 0000000100070440
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                    0000000077191410 5 bytes JMP 0000000100070430
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                          0000000077191490 5 bytes JMP 00000001002d0b14
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                              00000000771914f0 5 bytes JMP 00000001002d0ecc
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                         00000000771915c0 1 byte JMP 0000000100070450
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                     00000000771915c2 3 bytes {JMP 0xffffffff88edee90}
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                               00000000771915d0 5 bytes JMP 00000001002d163c
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                    0000000077191680 5 bytes JMP 0000000100070320
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                             00000000771916b0 5 bytes JMP 0000000100070380
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                      0000000077191710 5 bytes JMP 00000001000702e0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                 0000000077191760 5 bytes JMP 0000000100070410
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                    0000000077191790 5 bytes JMP 00000001000702d0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                  00000000771917b0 5 bytes JMP 0000000100070310
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                   00000000771917f0 5 bytes JMP 0000000100070390
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                           0000000077191810 5 bytes JMP 00000001002d1284
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                0000000077191840 5 bytes JMP 00000001000703c0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                   00000000771919a0 1 byte JMP 0000000100070230
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                               00000000771919a2 3 bytes {JMP 0xffffffff88ede890}
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                        0000000077191b60 5 bytes JMP 0000000100070460
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                       0000000077191b90 5 bytes JMP 0000000100070370
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                0000000077191c70 5 bytes JMP 00000001000702f0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                             0000000077191c80 5 bytes JMP 0000000100070350
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                   0000000077191ce0 5 bytes JMP 0000000100070290
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                0000000077191d70 5 bytes JMP 00000001000702b0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                 0000000077191d90 5 bytes JMP 00000001000703a0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                    0000000077191da0 1 byte JMP 0000000100070330
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                0000000077191da2 3 bytes {JMP 0xffffffff88ede590}
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                             0000000077191e10 5 bytes JMP 00000001000703e0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                0000000077191e40 5 bytes JMP 0000000100070240
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                     0000000077192100 5 bytes JMP 00000001000701e0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                00000000771921c0 1 byte JMP 0000000100070250
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                            00000000771921c2 3 bytes {JMP 0xffffffff88ede090}
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                00000000771921f0 5 bytes JMP 0000000100070470
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                       0000000077192200 5 bytes JMP 0000000100070480
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                  0000000077192230 5 bytes JMP 0000000100070300
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                               0000000077192240 5 bytes JMP 0000000100070360
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                     00000000771922a0 5 bytes JMP 00000001000702a0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                  00000000771922f0 5 bytes JMP 00000001000702c0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                      0000000077192330 5 bytes JMP 0000000100070340
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                               0000000077192620 5 bytes JMP 0000000100070420
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                              0000000077192820 5 bytes JMP 0000000100070260
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                 0000000077192830 5 bytes JMP 0000000100070270
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                               0000000077192840 1 byte JMP 00000001000703d0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                           0000000077192842 3 bytes {JMP 0xffffffff88eddb90}
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                           0000000077192a00 5 bytes JMP 00000001000701f0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                            0000000077192a10 5 bytes JMP 0000000100070210
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                 0000000077192a80 5 bytes JMP 0000000100070200
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                 0000000077192ae0 5 bytes JMP 00000001000703f0
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                  0000000077192af0 5 bytes JMP 0000000100070400
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                             0000000077192b00 5 bytes JMP 0000000100070220
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                     0000000077192be0 5 bytes JMP 0000000100070280
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                          000000007707eecd 1 byte [62]
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                       000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                           000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                           000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                          000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                          000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                 000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                 000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe[2652] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                  000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Windows\System32\WUDFHost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                          000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\System32\WUDFHost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                              000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\System32\WUDFHost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                              000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\System32\WUDFHost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                             000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\System32\WUDFHost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                             000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\System32\WUDFHost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                    000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\System32\WUDFHost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                    000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\System32\WUDFHost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                     000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                         0000000077163ae0 5 bytes JMP 000000010015075c
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                           0000000077167a90 5 bytes JMP 00000001001503a4
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                              0000000077191490 5 bytes JMP 0000000100150b14
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                  00000000771914f0 5 bytes JMP 0000000100150ecc
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                         00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   00000000771915d0 5 bytes JMP 000000010015163c
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                               0000000077191810 5 bytes JMP 0000000100151284
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                   00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                    0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                               0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                           000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                               000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                               000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                              000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                              000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                     000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                     000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                      000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                        0000000077163ae0 5 bytes JMP 000000010016075c
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                          0000000077167a90 5 bytes JMP 00000001001603a4
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                              00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                       0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                             0000000077191490 5 bytes JMP 0000000100160b14
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                 00000000771914f0 5 bytes JMP 0000000100160ecc
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                            00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                        00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                  00000000771915d0 5 bytes JMP 000000010016163c
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                       0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                         0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                    0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                       0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                     00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                      00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                              0000000077191810 5 bytes JMP 0000000100161284
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                   0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                      00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                  00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                           0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                          0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                   0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                      0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                   0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                       0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                   0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                   0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                        0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                   00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                               00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                   00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                          0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                     0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                  0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                        00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                     00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                         0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                  0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                 0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                    0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                  0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                              0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                              0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                               0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                    0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                    0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                     0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                        0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                             000000007707eecd 1 byte [62]
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                          000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                              000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                              000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                             000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                             000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                    000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                    000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\system32\taskhost.exe[3700] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                     000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                         0000000077163ae0 5 bytes JMP 000000010026075c
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                           0000000077167a90 5 bytes JMP 00000001002603a4
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                              0000000077191490 5 bytes JMP 0000000100260b14
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                  00000000771914f0 5 bytes JMP 0000000100260ecc
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                         00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   00000000771915d0 5 bytes JMP 000000010026163c
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                               0000000077191810 5 bytes JMP 0000000100261284
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                   00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                    0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                               0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                           000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                               000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                               000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                              000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                              000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                     000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                     000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\system32\taskeng.exe[3716] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                      000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                             0000000077163ae0 5 bytes JMP 000000010026075c
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                               0000000077167a90 5 bytes JMP 00000001002603a4
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                   00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                            0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                  0000000077191490 5 bytes JMP 0000000100260b14
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                      00000000771914f0 5 bytes JMP 0000000100260ecc
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                 00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                             00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                       00000000771915d0 5 bytes JMP 000000010026163c
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                            0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                     00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                              0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                         0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                            0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                          00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                           00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                   0000000077191810 5 bytes JMP 0000000100261284
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                        0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                           00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                       00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                               0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                        0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                     0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                           0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                        0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                         0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                            0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                        0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                     0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                        0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                             0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                        00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                    00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                        00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                               0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                          0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                       0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                             00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                          00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                              0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                       0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                      0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                         0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                       0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                   0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                   0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                    0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                         0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                         0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                          0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                     0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\Dwm.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                             0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                 0000000077163ae0 5 bytes JMP 00000001003e075c
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                   0000000077167a90 5 bytes JMP 00000001003e03a4
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                       00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                      0000000077191490 5 bytes JMP 00000001003e0b14
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                          00000000771914f0 5 bytes JMP 00000001003e0ecc
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                     00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                                 00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                           00000000771915d0 5 bytes JMP 00000001003e163c
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                         00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                  0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                             0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                              00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                               00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                       0000000077191810 5 bytes JMP 00000001003e1284
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                            0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                               00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                           00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                    0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                   0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                            0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                         0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                               0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                            0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                             0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                            0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                         0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                            0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                 0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                            00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                        00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                            00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                   0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                              0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                           0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                 00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                              00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                  0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                           0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                          0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                             0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                           0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                       0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                       0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                        0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                             0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                             0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                              0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                         0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                 0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                                      000000007707eecd 1 byte [62]
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                                   000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                                       000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                                       000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                                      000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                                      000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                             000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                             000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\Explorer.EXE[3976] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                              000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Program Files\IDT\WDM\Beats64.exe[4072] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                      000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Program Files\IDT\WDM\Beats64.exe[4072] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                          000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Program Files\IDT\WDM\Beats64.exe[4072] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                          000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Program Files\IDT\WDM\Beats64.exe[4072] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                         000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Program Files\IDT\WDM\Beats64.exe[4072] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                         000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Program Files\IDT\WDM\Beats64.exe[4072] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Program Files\IDT\WDM\Beats64.exe[4072] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Program Files\IDT\WDM\Beats64.exe[4072] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                 000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                              000000007733faa0 5 bytes JMP 0000000100030600
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                  000000007733fb38 5 bytes JMP 0000000100030804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                   000000007733fc90 5 bytes JMP 0000000100030c0c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                               0000000077340018 5 bytes JMP 0000000100030a08
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                           000000007735c45a 5 bytes JMP 00000001000301f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                         0000000077361217 5 bytes JMP 00000001000303fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                              0000000074e3a30a 1 byte [62]
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                     0000000074bcee09 5 bytes JMP 00000001002401f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                      0000000074bd3982 5 bytes JMP 00000001002403fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                   0000000074bd7603 5 bytes JMP 0000000100240804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                   0000000074bd835c 5 bytes JMP 0000000100240600
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                 0000000074bef52b 5 bytes JMP 0000000100240a08
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                           0000000076275181 5 bytes JMP 0000000100251014
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                               0000000076275254 5 bytes JMP 0000000100250804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                               00000000762753d5 5 bytes JMP 0000000100250a08
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                              00000000762754c2 5 bytes JMP 0000000100250c0c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                              00000000762755e2 5 bytes JMP 0000000100250e10
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                     000000007627567c 5 bytes JMP 00000001002501f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                     000000007627589f 5 bytes JMP 00000001002503fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4080] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                      0000000076275a22 5 bytes JMP 0000000100250600
.text    C:\Program Files\IDT\WDM\sttray64.exe[3120] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                        000000007707eecd 1 byte [62]
.text    C:\Program Files\IDT\WDM\sttray64.exe[3120] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                     000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Program Files\IDT\WDM\sttray64.exe[3120] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                         000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Program Files\IDT\WDM\sttray64.exe[3120] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                         000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Program Files\IDT\WDM\sttray64.exe[3120] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                        000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Program Files\IDT\WDM\sttray64.exe[3120] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                        000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Program Files\IDT\WDM\sttray64.exe[3120] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                               000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Program Files\IDT\WDM\sttray64.exe[3120] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                               000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Program Files\IDT\WDM\sttray64.exe[3120] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            0000000077163ae0 5 bytes JMP 000000010037075c
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              0000000077167a90 5 bytes JMP 00000001003703a4
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                  00000000771913c0 5 bytes JMP 0000000100070440
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                           0000000077191410 5 bytes JMP 0000000100070430
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 0000000077191490 5 bytes JMP 0000000100370b14
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     00000000771914f0 5 bytes JMP 0000000100370ecc
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                00000000771915c0 1 byte JMP 0000000100070450
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                            00000000771915c2 3 bytes {JMP 0xffffffff88edee90}
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      00000000771915d0 5 bytes JMP 000000010037163c
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                           0000000077191680 5 bytes JMP 0000000100070320
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                    00000000771916b0 5 bytes JMP 0000000100070380
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                             0000000077191710 5 bytes JMP 00000001000702e0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                        0000000077191760 5 bytes JMP 0000000100070410
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                           0000000077191790 5 bytes JMP 00000001000702d0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                         00000000771917b0 5 bytes JMP 0000000100070310
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                          00000000771917f0 5 bytes JMP 0000000100070390
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  0000000077191810 5 bytes JMP 0000000100371284
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                       0000000077191840 5 bytes JMP 00000001000703c0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                          00000000771919a0 1 byte JMP 0000000100070230
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                      00000000771919a2 3 bytes {JMP 0xffffffff88ede890}
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                               0000000077191b60 5 bytes JMP 0000000100070460
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                              0000000077191b90 5 bytes JMP 0000000100070370
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                       0000000077191c70 5 bytes JMP 00000001000702f0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                    0000000077191c80 5 bytes JMP 0000000100070350
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                          0000000077191ce0 5 bytes JMP 0000000100070290
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                       0000000077191d70 5 bytes JMP 00000001000702b0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        0000000077191d90 5 bytes JMP 00000001000703a0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                           0000000077191da0 1 byte JMP 0000000100070330
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                       0000000077191da2 3 bytes {JMP 0xffffffff88ede590}
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                    0000000077191e10 5 bytes JMP 00000001000703e0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                       0000000077191e40 5 bytes JMP 0000000100070240
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                            0000000077192100 5 bytes JMP 00000001000701e0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                       00000000771921c0 1 byte JMP 0000000100070250
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                   00000000771921c2 3 bytes {JMP 0xffffffff88ede090}
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                       00000000771921f0 5 bytes JMP 0000000100070470
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                              0000000077192200 5 bytes JMP 0000000100070480
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                         0000000077192230 5 bytes JMP 0000000100070300
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                      0000000077192240 5 bytes JMP 0000000100070360
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                            00000000771922a0 5 bytes JMP 00000001000702a0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                         00000000771922f0 5 bytes JMP 00000001000702c0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                             0000000077192330 5 bytes JMP 0000000100070340
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                      0000000077192620 5 bytes JMP 0000000100070420
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                     0000000077192820 5 bytes JMP 0000000100070260
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                        0000000077192830 5 bytes JMP 0000000100070270
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      0000000077192840 1 byte JMP 00000001000703d0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                  0000000077192842 3 bytes {JMP 0xffffffff88eddb90}
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                  0000000077192a00 5 bytes JMP 00000001000701f0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                   0000000077192a10 5 bytes JMP 0000000100070210
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                        0000000077192a80 5 bytes JMP 0000000100070200
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                        0000000077192ae0 5 bytes JMP 00000001000703f0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                         0000000077192af0 5 bytes JMP 0000000100070400
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                    0000000077192b00 5 bytes JMP 0000000100070220
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                            0000000077192be0 5 bytes JMP 0000000100070280
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                 000000007707eecd 1 byte [62]
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Program Files\Windows Sidebar\sidebar.exe[3088] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                         000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                               000000007733faa0 5 bytes JMP 0000000100030600
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                   000000007733fb38 5 bytes JMP 0000000100030804
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                    000000007733fc90 5 bytes JMP 0000000100030c0c
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                0000000077340018 5 bytes JMP 0000000100030a08
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                            000000007735c45a 5 bytes JMP 00000001000301f8
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                          0000000077361217 5 bytes JMP 00000001000303fc
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                               0000000074e3a30a 1 byte [62]
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                      0000000074bcee09 5 bytes JMP 00000001000a01f8
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                       0000000074bd3982 5 bytes JMP 00000001000a03fc
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                    0000000074bd7603 5 bytes JMP 00000001000a0804
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                    0000000074bd835c 5 bytes JMP 00000001000a0600
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                  0000000074bef52b 5 bytes JMP 00000001000a0a08
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                            0000000076275181 5 bytes JMP 0000000100271014
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                0000000076275254 5 bytes JMP 0000000100270804
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                00000000762753d5 5 bytes JMP 0000000100270a08
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                               00000000762754c2 5 bytes JMP 0000000100270c0c
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                               00000000762755e2 5 bytes JMP 0000000100270e10
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                      000000007627567c 5 bytes JMP 00000001002701f8
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                      000000007627589f 5 bytes JMP 00000001002703fc
.text    C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[3360] C:\Windows\SysWOW64\sechost.dll!DeleteService                                       0000000076275a22 5 bytes JMP 0000000100270600
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory     000000007733faa0 5 bytes JMP 0000000100030600
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory         000000007733fb38 5 bytes JMP 0000000100030804
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess          000000007733fc90 5 bytes JMP 0000000100030c0c
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory      0000000077340018 5 bytes JMP 0000000100030a08
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                  000000007735c45a 5 bytes JMP 00000001000301f8
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                0000000077361217 5 bytes JMP 00000001000303fc
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112     0000000074e3a30a 1 byte [62]
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\syswow64\USER32.dll!SetWinEventHook            0000000074bcee09 5 bytes JMP 00000001001001f8
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\syswow64\USER32.dll!UnhookWinEvent             0000000074bd3982 5 bytes JMP 00000001001003fc
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW          0000000074bd7603 5 bytes JMP 0000000100100804
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA          0000000074bd835c 5 bytes JMP 0000000100100600
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx        0000000074bef52b 5 bytes JMP 0000000100100a08
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity  0000000076275181 5 bytes JMP 0000000100111014
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA      0000000076275254 5 bytes JMP 0000000100110804
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW      00000000762753d5 5 bytes JMP 0000000100110a08
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A     00000000762754c2 5 bytes JMP 0000000100110c0c
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W     00000000762755e2 5 bytes JMP 0000000100110e10
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\sechost.dll!CreateServiceA            000000007627567c 5 bytes JMP 00000001001101f8
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\sechost.dll!CreateServiceW            000000007627589f 5 bytes JMP 00000001001103fc
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3388] C:\Windows\SysWOW64\sechost.dll!DeleteService             0000000076275a22 5 bytes JMP 0000000100110600
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                   000000007733faa0 5 bytes JMP 0000000100030600
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                       000000007733fb38 5 bytes JMP 0000000100030804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                        000000007733fc90 5 bytes JMP 0000000100030c0c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                    0000000077340018 5 bytes JMP 0000000100030a08
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                000000007735c45a 5 bytes JMP 00000001000301f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                              0000000077361217 5 bytes JMP 00000001000303fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                   0000000074e3a30a 1 byte [62]
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\syswow64\user32.dll!SetWinEventHook                                          0000000074bcee09 5 bytes JMP 00000001002401f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\syswow64\user32.dll!UnhookWinEvent                                           0000000074bd3982 5 bytes JMP 00000001002403fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\syswow64\user32.dll!SetWindowsHookExW                                        0000000074bd7603 5 bytes JMP 0000000100240804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\syswow64\user32.dll!SetWindowsHookExA                                        0000000074bd835c 5 bytes JMP 0000000100240600
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\syswow64\user32.dll!UnhookWindowsHookEx                                      0000000074bef52b 5 bytes JMP 0000000100240a08
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                0000000076275181 5 bytes JMP 0000000100251014
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                    0000000076275254 5 bytes JMP 0000000100250804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                    00000000762753d5 5 bytes JMP 0000000100250a08
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                   00000000762754c2 5 bytes JMP 0000000100250c0c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                   00000000762755e2 5 bytes JMP 0000000100250e10
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                          000000007627567c 5 bytes JMP 00000001002501f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                          000000007627589f 5 bytes JMP 00000001002503fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3568] C:\Windows\SysWOW64\sechost.dll!DeleteService                                           0000000076275a22 5 bytes JMP 0000000100250600
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                             000000007733faa0 5 bytes JMP 0000000100030600
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                 000000007733fb38 5 bytes JMP 0000000100030804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                  000000007733fc90 5 bytes JMP 0000000100030c0c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                              0000000077340018 5 bytes JMP 0000000100030a08
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                          000000007735c45a 5 bytes JMP 00000001000301f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                        0000000077361217 5 bytes JMP 00000001000303fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                             0000000074e3a30a 1 byte [62]
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                          0000000076275181 5 bytes JMP 0000000100231014
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                              0000000076275254 5 bytes JMP 0000000100230804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                              00000000762753d5 5 bytes JMP 0000000100230a08
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                             00000000762754c2 5 bytes JMP 0000000100230c0c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                             00000000762755e2 5 bytes JMP 0000000100230e10
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                    000000007627567c 5 bytes JMP 00000001002301f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                    000000007627589f 5 bytes JMP 00000001002303fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\SysWOW64\sechost.dll!DeleteService                                     0000000076275a22 5 bytes JMP 0000000100230600
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                    0000000074bcee09 5 bytes JMP 00000001002401f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                     0000000074bd3982 5 bytes JMP 00000001002403fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                  0000000074bd7603 5 bytes JMP 0000000100240804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                  0000000074bd835c 5 bytes JMP 0000000100240600
.text    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3864] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                0000000074bef52b 5 bytes JMP 0000000100240a08
.text    C:\Program Files\AVAST Software\Avast\AvastUI.exe[1416] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                            0000000074e3a30a 1 byte [62]
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                     000000007733faa0 5 bytes JMP 0000000100030600
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                         000000007733fb38 5 bytes JMP 0000000100030804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                          000000007733fc90 5 bytes JMP 0000000100030c0c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      0000000077340018 5 bytes JMP 0000000100030a08
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                  000000007735c45a 5 bytes JMP 00000001000301f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                0000000077361217 5 bytes JMP 00000001000303fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                     0000000074e3a30a 1 byte [62]
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\syswow64\user32.dll!SetWinEventHook                                            0000000074bcee09 5 bytes JMP 00000001002401f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\syswow64\user32.dll!UnhookWinEvent                                             0000000074bd3982 5 bytes JMP 00000001002403fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\syswow64\user32.dll!SetWindowsHookExW                                          0000000074bd7603 5 bytes JMP 0000000100240804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\syswow64\user32.dll!SetWindowsHookExA                                          0000000074bd835c 5 bytes JMP 0000000100240600
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\syswow64\user32.dll!UnhookWindowsHookEx                                        0000000074bef52b 5 bytes JMP 0000000100240a08
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                  0000000076275181 5 bytes JMP 0000000100251014
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                      0000000076275254 5 bytes JMP 0000000100250804
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                      00000000762753d5 5 bytes JMP 0000000100250a08
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                     00000000762754c2 5 bytes JMP 0000000100250c0c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                     00000000762755e2 5 bytes JMP 0000000100250e10
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                            000000007627567c 5 bytes JMP 00000001002501f8
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                            000000007627589f 5 bytes JMP 00000001002503fc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[3492] C:\Windows\SysWOW64\sechost.dll!DeleteService                                             0000000076275a22 5 bytes JMP 0000000100250600
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                   0000000077163ae0 5 bytes JMP 00000001001b075c
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                     0000000077167a90 5 bytes JMP 00000001001b03a4
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                         00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                  0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                        0000000077191490 5 bytes JMP 00000001001b0b14
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                            00000000771914f0 5 bytes JMP 00000001001b0ecc
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                       00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                   00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                             00000000771915d0 5 bytes JMP 00000001001b163c
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                  0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                           00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                    0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                               0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                  0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                 00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                         0000000077191810 5 bytes JMP 00000001001b1284
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                              0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                 00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                             00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                      0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                     0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                              0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                           0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                 0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                              0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                               0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                  0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                              0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                           0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                              0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                   0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                              00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                          00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                              00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                     0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                             0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                   00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                    0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                             0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                            0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                               0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                             0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                         0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                         0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                          0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                               0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                               0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                           0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                   0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                        000000007707eecd 1 byte [62]
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                     000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                         000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                         000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                        000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                        000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                               000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                               000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\system32\SearchIndexer.exe[3964] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[3424] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                           000000007707eecd 1 byte [62]
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                            0000000077163ae0 5 bytes JMP 000000010033075c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                              0000000077167a90 5 bytes JMP 00000001003303a4
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                  00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                           0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                 0000000077191490 5 bytes JMP 0000000100330b14
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                     00000000771914f0 5 bytes JMP 0000000100330ecc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                            00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                      00000000771915d0 5 bytes JMP 000000010033163c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                           0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                             0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                        0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                           0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                         00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                          00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                  0000000077191810 5 bytes JMP 0000000100331284
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                       0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                          00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                      00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                               0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                              0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                       0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                    0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                          0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                       0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                        0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                           0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                       0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                    0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                       0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                            0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                       00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                   00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                       00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                              0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                         0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                      0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                            00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                         00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                             0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                      0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                     0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                        0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                      0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                  0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                  0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                   0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                        0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                        0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                         0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                    0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                            0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                 000000007707eecd 1 byte [62]
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                              000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                  000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                  000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                 000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                 000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                        000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                        000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4876] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                         000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                               000000007733faa0 5 bytes JMP 0000000100030600
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                   000000007733fb38 5 bytes JMP 0000000100030804
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                    000000007733fc90 5 bytes JMP 0000000100030c0c
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                0000000077340018 5 bytes JMP 0000000100030a08
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                            000000007735c45a 5 bytes JMP 00000001000301f8
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                          0000000077361217 5 bytes JMP 00000001000303fc
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                               0000000074e3a30a 1 byte [62]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                            0000000076275181 5 bytes JMP 0000000100101014
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                0000000076275254 5 bytes JMP 0000000100100804
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                00000000762753d5 5 bytes JMP 0000000100100a08
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                               00000000762754c2 5 bytes JMP 0000000100100c0c
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                               00000000762755e2 5 bytes JMP 0000000100100e10
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                      000000007627567c 5 bytes JMP 00000001001001f8
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                      000000007627589f 5 bytes JMP 00000001001003fc
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\SysWOW64\sechost.dll!DeleteService                                       0000000076275a22 5 bytes JMP 0000000100100600
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                      0000000074bcee09 5 bytes JMP 00000001001101f8
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                       0000000074bd3982 5 bytes JMP 00000001001103fc
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                    0000000074bd7603 5 bytes JMP 0000000100110804
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                    0000000074bd835c 5 bytes JMP 0000000100110600
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4984] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                  0000000074bef52b 5 bytes JMP 0000000100110a08
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                     0000000077163ae0 5 bytes JMP 00000001002e075c
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                       0000000077167a90 5 bytes JMP 00000001002e03a4
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                           00000000771913c0 5 bytes JMP 0000000100070440
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                    0000000077191410 5 bytes JMP 0000000100070430
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                          0000000077191490 5 bytes JMP 00000001002e0b14
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                              00000000771914f0 5 bytes JMP 00000001002e0ecc
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                         00000000771915c0 1 byte JMP 0000000100070450
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                     00000000771915c2 3 bytes {JMP 0xffffffff88edee90}
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                               00000000771915d0 5 bytes JMP 00000001002e163c
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                    0000000077191680 5 bytes JMP 0000000100070320
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                             00000000771916b0 5 bytes JMP 0000000100070380
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                      0000000077191710 5 bytes JMP 00000001000702e0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                 0000000077191760 5 bytes JMP 0000000100070410
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                    0000000077191790 5 bytes JMP 00000001000702d0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                  00000000771917b0 5 bytes JMP 0000000100070310
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                   00000000771917f0 5 bytes JMP 0000000100070390
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                           0000000077191810 5 bytes JMP 00000001002e1284
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                0000000077191840 5 bytes JMP 00000001000703c0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                   00000000771919a0 1 byte JMP 0000000100070230
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                               00000000771919a2 3 bytes {JMP 0xffffffff88ede890}
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                        0000000077191b60 5 bytes JMP 0000000100070460
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                       0000000077191b90 5 bytes JMP 0000000100070370
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                0000000077191c70 5 bytes JMP 00000001000702f0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                             0000000077191c80 5 bytes JMP 0000000100070350
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                   0000000077191ce0 5 bytes JMP 0000000100070290
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                0000000077191d70 5 bytes JMP 00000001000702b0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                 0000000077191d90 5 bytes JMP 00000001000703a0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                    0000000077191da0 1 byte JMP 0000000100070330
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                0000000077191da2 3 bytes {JMP 0xffffffff88ede590}
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                             0000000077191e10 5 bytes JMP 00000001000703e0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                0000000077191e40 5 bytes JMP 0000000100070240
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                     0000000077192100 5 bytes JMP 00000001000701e0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                00000000771921c0 1 byte JMP 0000000100070250
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                            00000000771921c2 3 bytes {JMP 0xffffffff88ede090}
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                00000000771921f0 5 bytes JMP 0000000100070470
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                       0000000077192200 5 bytes JMP 0000000100070480
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                  0000000077192230 5 bytes JMP 0000000100070300
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                               0000000077192240 5 bytes JMP 0000000100070360
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                     00000000771922a0 5 bytes JMP 00000001000702a0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                  00000000771922f0 5 bytes JMP 00000001000702c0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                      0000000077192330 5 bytes JMP 0000000100070340
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                               0000000077192620 5 bytes JMP 0000000100070420
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                              0000000077192820 5 bytes JMP 0000000100070260
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                 0000000077192830 5 bytes JMP 0000000100070270
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                               0000000077192840 1 byte JMP 00000001000703d0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                           0000000077192842 3 bytes {JMP 0xffffffff88eddb90}
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                           0000000077192a00 5 bytes JMP 00000001000701f0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                            0000000077192a10 5 bytes JMP 0000000100070210
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                 0000000077192a80 5 bytes JMP 0000000100070200
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                 0000000077192ae0 5 bytes JMP 00000001000703f0
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                  0000000077192af0 5 bytes JMP 0000000100070400
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                             0000000077192b00 5 bytes JMP 0000000100070220
.text    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                     0000000077192be0 5 bytes JMP 0000000100070280
.text    C:\Windows\system32\svchost.exe[3324] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                           000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\system32\svchost.exe[3324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                               000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\system32\svchost.exe[3324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                               000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\system32\svchost.exe[3324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                              000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\system32\svchost.exe[3324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                              000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\system32\svchost.exe[3324] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                     000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\system32\svchost.exe[3324] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                     000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\system32\svchost.exe[3324] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                      000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                 0000000077163ae0 3 bytes JMP 00000001003b075c
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 4                                             0000000077163ae4 1 byte [89]
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                   0000000077167a90 3 bytes JMP 00000001003b03a4
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 4                                               0000000077167a94 1 byte [89]
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                       00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                      0000000077191490 5 bytes JMP 00000001003b0b14
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                          00000000771914f0 5 bytes JMP 00000001003b0ecc
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                     00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                 00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                           00000000771915d0 5 bytes JMP 00000001003b163c
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                         00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                  0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                             0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                              00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                               00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                       0000000077191810 5 bytes JMP 00000001003b1284
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                            0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                               00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                           00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                    0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                   0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                            0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                         0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                               0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                            0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                             0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                            0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                         0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                            0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                 0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                            00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                        00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                            00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                   0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                              0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                           0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                 00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                              00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                  0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                           0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                          0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                             0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                           0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                       0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                       0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                        0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                             0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                             0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                              0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                         0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                 0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                      000000007707eecd 1 byte [62]
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                   000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                       000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                       000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                      000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                      000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                             000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                             000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1476] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                              000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                        000000007733faa0 5 bytes JMP 0000000100030600
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                            000000007733fb38 5 bytes JMP 0000000100030804
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                             000000007733fc90 5 bytes JMP 0000000100030c0c
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                         0000000077340018 5 bytes JMP 0000000100030a08
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                     000000007735c45a 5 bytes JMP 00000001000301f8
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                   0000000077361217 5 bytes JMP 00000001000303fc
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                        0000000074e3a30a 1 byte [62]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                               0000000074bcee09 5 bytes JMP 00000001001001f8
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                0000000074bd3982 5 bytes JMP 00000001001003fc
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                             0000000074bd7603 5 bytes JMP 0000000100100804
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                             0000000074bd835c 5 bytes JMP 0000000100100600
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                           0000000074bef52b 5 bytes JMP 0000000100100a08
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                     0000000076275181 5 bytes JMP 0000000100111014
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                         0000000076275254 5 bytes JMP 0000000100110804
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                         00000000762753d5 5 bytes JMP 0000000100110a08
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                        00000000762754c2 5 bytes JMP 0000000100110c0c
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                        00000000762755e2 5 bytes JMP 0000000100110e10
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                               000000007627567c 5 bytes JMP 00000001001101f8
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                               000000007627589f 5 bytes JMP 00000001001103fc
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                0000000076275a22 5 bytes JMP 0000000100110600
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                      0000000074f71401 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                        0000000074f71419 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                      0000000074f71431 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                      0000000074f7144a 2 bytes [F7, 74]
.text    ...                                                                                                                                                                      * 9
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                         0000000074f714dd 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                  0000000074f714f5 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                         0000000074f7150d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                  0000000074f71525 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                        0000000074f7153d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                             0000000074f71555 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                      0000000074f7156d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                        0000000074f71585 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                           0000000074f7159d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                        0000000074f715b5 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                      0000000074f715cd 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                  0000000074f716b2 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                  0000000074f716bd 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                     000000007733f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15                                    000000007733f99b 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                                                  000000007733fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15                                                 000000007733fa17 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                        000000007733faa0 5 bytes JMP 0000000100280600
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                                                000000007733fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15                                               000000007733fb2f 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                            000000007733fb38 5 bytes JMP 0000000100280804
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                          000000007733fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15                                         000000007733fbdf 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                              000000007733fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                                             000000007733fc0f 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                       000000007733fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15                                      000000007733fc27 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                         000000007733fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15                                        000000007733fc3f 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                       000000007733fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15                                      000000007733fc6f 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                             000000007733fc90 5 bytes JMP 0000000100280c0c
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                        000000007733fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15                                       000000007733fcef 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                       000000007733fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15                                      000000007733fd07 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                 000000007733fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                                                000000007733fd53 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5                                              000000007733fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15                                             000000007733fdb7 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                      000000007733fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15                                     000000007733fe4b 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5                                            000000007733ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15                                           000000007733ff93 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                         0000000077340018 5 bytes JMP 0000000100280a08
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                               0000000077340099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                                              00000000773400a3 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5                                             0000000077340781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15                                            000000007734078b 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                                                0000000077340ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15                                               0000000077341007 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5                                               000000007734105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15                                              0000000077341067 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                         00000000773410a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15                                        00000000773410af 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                               000000007734111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                                              0000000077341127 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                  0000000077341321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15                                 000000007734132b 1 byte [90]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                     000000007735c45a 5 bytes JMP 00000001002801f8
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                   0000000077361217 5 bytes JMP 00000001002803fc
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW                                              0000000074e1103d 5 bytes JMP 0000000100010030
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA                                              0000000074e11072 5 bytes JMP 0000000100010070
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                        0000000074e3a30a 1 byte [62]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW                                              0000000074b7119f 5 bytes JMP 0000000100020030
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW                                                0000000074b711cf 5 bytes JMP 0000000100020070
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                                                  0000000076524de0 5 bytes JMP 00000001002a03b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SelectObject                                                   0000000076524f70 5 bytes JMP 00000001002a05f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SetBkMode                                                      00000000765251a2 5 bytes JMP 00000001002a08f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SetTextColor                                                   000000007652522d 5 bytes JMP 00000001002a0a30
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!DeleteObject                                                   0000000076525689 5 bytes JMP 00000001002a01b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                       00000000765258b3 5 bytes JMP 00000001002a0170
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetCurrentObject                                               0000000076526bad 5 bytes JMP 00000001002a0370
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SaveDC                                                         0000000076526e05 5 bytes JMP 00000001002a0570
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!RestoreDC                                                      0000000076526ead 5 bytes JMP 00000001002a0530
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode                                              0000000076527180 5 bytes JMP 00000001002a06b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!StretchDIBits                                                  0000000076527435 5 bytes JMP 00000001002a0770
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                      0000000076527bcc 5 bytes JMP 00000001002a00b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!IntersectClipRect                                              0000000076527dc4 5 bytes JMP 00000001002a03f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetTextAlign                                                   0000000076527fd5 5 bytes JMP 00000001002a0d70
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW                                                00000000765282b2 5 bytes JMP 00000001002a0e30
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SetTextAlign                                                   0000000076528401 5 bytes JMP 00000001002a09f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                                               000000007652879f 5 bytes JMP 00000001002a02f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SelectClipRgn                                                  0000000076528916 5 bytes JMP 00000001002a05b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!ExtTextOutW                                                    0000000076528b7a 5 bytes JMP 00000001002a0970
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!MoveToEx                                                       0000000076528ee6 5 bytes JMP 00000001002a0470
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetFontData                                                    0000000076529875 5 bytes JMP 00000001002a0c70
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetTextFaceW                                                   0000000076529936 5 bytes JMP 00000001002a0d30
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!Rectangle                                                      000000007652a53a 5 bytes JMP 00000001002a09b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetClipBox                                                     000000007652af9f 5 bytes JMP 00000001002a0330
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!LineTo                                                         000000007652b9e5 5 bytes JMP 00000001002a0430
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SetICMMode                                                     000000007652bd55 5 bytes JMP 00000001002a0db0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!CreateICW                                                      000000007652c040 5 bytes JMP 00000001002a0130
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W                                          000000007652c107 5 bytes JMP 00000001002a0670
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SetWorldTransform                                              000000007652c269 5 bytes JMP 00000001002a06f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA                                                000000007652d1f1 5 bytes JMP 00000001002a0df0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A                                          000000007652d349 5 bytes JMP 00000001002a0630
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!ExtTextOutA                                                    000000007652dce4 5 bytes JMP 00000001002a0930
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                      000000007652e743 5 bytes JMP 00000001002a00f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!ExtEscape                                                      00000000765303b7 5 bytes JMP 00000001002a02b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!Escape                                                         0000000076531bda 5 bytes JMP 00000001002a0270
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetTextFaceA                                                   0000000076531e89 5 bytes JMP 00000001002a0cf0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode                                                0000000076534843 5 bytes JMP 00000001002a0b30
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SetMiterLimit                                                  0000000076535690 5 bytes JMP 00000001002a0b70
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!EndPage                                                        0000000076536bde 5 bytes JMP 00000001002a0230
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!ResetDCW                                                       000000007653e2db 5 bytes JMP 00000001002a0ab0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW                                               000000007654940d 5 bytes JMP 00000001002a0cb0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW                                    000000007654c621 5 bytes JMP 00000001002a0bb0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                                               000000007654d2b2 5 bytes JMP 00000001002a0bf0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW                                            000000007654d919 5 bytes JMP 00000001002a0c30
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!AbortDoc                                                       0000000076553adc 5 bytes JMP 00000001002a0030
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!EndDoc                                                         0000000076553f29 5 bytes JMP 00000001002a01f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!StartPage                                                      000000007655401a 5 bytes JMP 00000001002a0730
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!StartDocW                                                      0000000076554c51 5 bytes JMP 00000001002a07f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!BeginPath                                                      00000000765553fd 5 bytes JMP 00000001002a0830
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!SelectClipPath                                                 0000000076555454 5 bytes JMP 00000001002a0af0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!CloseFigure                                                    00000000765554af 5 bytes JMP 00000001002a0070
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!EndPath                                                        0000000076555506 5 bytes JMP 00000001002a0a70
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!StrokePath                                                     000000007655573f 5 bytes JMP 00000001002a07b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!FillPath                                                       00000000765557d2 5 bytes JMP 00000001002a0870
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!PolylineTo                                                     0000000076555c44 5 bytes JMP 00000001002a04f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!PolyBezierTo                                                   0000000076555cd5 5 bytes JMP 00000001002a04b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\GDI32.dll!PolyDraw                                                       0000000076555d87 5 bytes JMP 00000001002a08b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!MapWindowPoints                                               0000000074bc8c40 5 bytes JMP 00000001002b0570
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW                                      0000000074bc9ebd 5 bytes JMP 00000001002b02b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                               0000000074bcee09 5 bytes JMP 00000001002c01f8
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA                                      0000000074bd0afa 5 bytes JMP 00000001002b02f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!GetClientRect                                                 0000000074bd0c62 7 bytes JMP 00000001002b05b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!GetParent                                                     0000000074bd0f68 7 bytes JMP 00000001002b06f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!IsWindowVisible                                               0000000074bd112d 7 bytes JMP 00000001002b06b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!PostMessageW                                                  0000000074bd12a5 5 bytes JMP 00000001002b05f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!ScreenToClient                                                0000000074bd227d 7 bytes JMP 00000001002b0670
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!MonitorFromWindow                                             0000000074bd3150 7 bytes JMP 00000001002b0630
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                0000000074bd3982 5 bytes JMP 00000001002c03fc
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!SetCursor                                                     0000000074bd41f6 5 bytes JMP 00000001002b0530
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA                                       0000000074bd68ef 5 bytes JMP 00000001002b0270
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                             0000000074bd7603 5 bytes JMP 00000001002c0804
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW                                       0000000074bd77fa 5 bytes JMP 00000001002b0230
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!GetTopWindow                                                  0000000074bd7887 7 bytes JMP 00000001002b0730
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                             0000000074bd835c 5 bytes JMP 00000001002c0600
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable                                    0000000074bd8676 5 bytes JMP 00000001002b00f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber                                    0000000074bd8696 5 bytes JMP 00000001002b0330
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!CloseClipboard                                                0000000074bd8e8d 5 bytes JMP 00000001002b00b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!OpenClipboard                                                 0000000074bd8ecb 5 bytes JMP 00000001002b0070
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain                                          0000000074bdc17b 5 bytes JMP 00000001002b0430
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats                                          0000000074bdc449 5 bytes JMP 00000001002b01b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow                                        0000000074bdc468 5 bytes JMP 00000001002b03f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!CountClipboardFormats                                         0000000074bdc486 5 bytes JMP 00000001002b01f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                            0000000074bdc4b6 5 bytes JMP 00000001002b04b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout                                        0000000074bdd6c0 5 bytes JMP 00000001002b04f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!GetClipboardOwner                                             0000000074bde360 5 bytes JMP 00000001002b0370
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                           0000000074bef52b 5 bytes JMP 00000001002c0a08
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!SetClipboardData                                              0000000074c08e57 5 bytes JMP 00000001002b0170
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!SetCursorPos                                                  0000000074c09cfd 5 bytes JMP 00000001002b0770
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!GetClipboardData                                              0000000074c09f1d 5 bytes JMP 00000001002b0030
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!EmptyClipboard                                                0000000074c27cb9 5 bytes JMP 00000001002b0130
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!GetClipboardViewer                                            0000000074c28111 5 bytes JMP 00000001002b0470
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat                                    0000000074c2832f 5 bytes JMP 00000001002b03b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                     0000000076275181 5 bytes JMP 00000001002d1014
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                         0000000076275254 5 bytes JMP 00000001002d0804
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                         00000000762753d5 5 bytes JMP 00000001002d0a08
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                        00000000762754c2 5 bytes JMP 00000001002d0c0c
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                        00000000762755e2 5 bytes JMP 00000001002d0e10
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                               000000007627567c 5 bytes JMP 00000001002d01f8
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                               000000007627589f 5 bytes JMP 00000001002d03fc
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                0000000076275a22 5 bytes JMP 00000001002d0600
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer                                            0000000074a19606 5 bytes JMP 00000001002e00f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle                                        0000000074a20581 3 bytes JMP 00000001002e0130
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle + 4                                    0000000074a20585 1 byte [8B]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext                                        0000000074a20bb9 3 bytes JMP 00000001002e0270
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext + 4                                    0000000074a20bbd 1 byte [8B]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken                                            0000000074a20c2e 3 bytes JMP 00000001002e01b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken + 4                                        0000000074a20c32 1 byte [8B]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA                                      0000000074a20f2e 3 bytes JMP 00000001002e0070
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA + 4                                  0000000074a20f32 1 byte [8B]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA                                  0000000074a21096 3 bytes JMP 00000001002e00b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA + 4                              0000000074a2109a 1 byte [8B]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                                               0000000074a2124e 3 bytes JMP 00000001002e01f0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!EncryptMessage + 4                                           0000000074a21252 1 byte [8B]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                                               0000000074a2129d 3 bytes JMP 00000001002e0230
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!DecryptMessage + 4                                           0000000074a212a1 1 byte [8B]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA                                    0000000074a21527 3 bytes JMP 00000001002e0030
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA + 4                                0000000074a2152b 1 byte {JMP 0xffffffffffffff8d}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA                                   0000000074a21590 3 bytes JMP 00000001002e0170
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA + 4                               0000000074a21594 1 byte {JMP 0xffffffffffffff8d}
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\ole32.dll!OleSetClipboard                                                0000000076400045 5 bytes JMP 00000001002f0030
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard                                          00000000764036b2 5 bytes JMP 00000001002f0070
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\ole32.dll!OleGetClipboard                                                000000007642fdcd 5 bytes JMP 00000001002f00b0
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                      0000000074f71401 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                        0000000074f71419 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                      0000000074f71431 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                      0000000074f7144a 2 bytes [F7, 74]
.text    ...                                                                                                                                                                      * 9
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                         0000000074f714dd 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                  0000000074f714f5 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                         0000000074f7150d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                  0000000074f71525 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                        0000000074f7153d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                             0000000074f71555 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                      0000000074f7156d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                        0000000074f71585 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                           0000000074f7159d 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                        0000000074f715b5 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                      0000000074f715cd 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                  0000000074f716b2 2 bytes [F7, 74]
.text    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                  0000000074f716bd 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                          000000007733faa0 5 bytes JMP 0000000100030600
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                              000000007733fb38 5 bytes JMP 0000000100030804
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                               000000007733fc90 5 bytes JMP 0000000100030c0c
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                           0000000077340018 5 bytes JMP 0000000100030a08
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                       000000007735c45a 5 bytes JMP 00000001000301f8
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                     0000000077361217 5 bytes JMP 00000001000303fc
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                          0000000074e3a30a 1 byte [62]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                 0000000074bcee09 5 bytes JMP 00000001002501f8
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                  0000000074bd3982 5 bytes JMP 00000001002503fc
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                               0000000074bd7603 5 bytes JMP 0000000100250804
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                               0000000074bd835c 5 bytes JMP 0000000100250600
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                             0000000074bef52b 5 bytes JMP 0000000100250a08
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                       0000000076275181 5 bytes JMP 0000000100261014
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                           0000000076275254 5 bytes JMP 0000000100260804
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                           00000000762753d5 5 bytes JMP 0000000100260a08
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                          00000000762754c2 5 bytes JMP 0000000100260c0c
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                          00000000762755e2 5 bytes JMP 0000000100260e10
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                 000000007627567c 5 bytes JMP 00000001002601f8
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                 000000007627589f 5 bytes JMP 00000001002603fc
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                  0000000076275a22 5 bytes JMP 0000000100260600
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                        0000000074f71401 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                          0000000074f71419 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                        0000000074f71431 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                        0000000074f7144a 2 bytes [F7, 74]
.text    ...                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                           0000000074f714dd 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                    0000000074f714f5 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                           0000000074f7150d 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                    0000000074f71525 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                          0000000074f7153d 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                               0000000074f71555 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                        0000000074f7156d 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                          0000000074f71585 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                             0000000074f7159d 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                          0000000074f715b5 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                        0000000074f715cd 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                    0000000074f716b2 2 bytes [F7, 74]
.text    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                    0000000074f716bd 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                 000000007733faa0 5 bytes JMP 0000000100030600
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                     000000007733fb38 5 bytes JMP 0000000100030804
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                      000000007733fc90 5 bytes JMP 0000000100030c0c
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                  0000000077340018 5 bytes JMP 0000000100030a08
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                              000000007735c45a 5 bytes JMP 00000001000301f8
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                            0000000077361217 5 bytes JMP 00000001000303fc
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                 0000000074e3a30a 1 byte [62]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                              0000000076275181 5 bytes JMP 00000001003c1014
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                  0000000076275254 5 bytes JMP 00000001003c0804
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                  00000000762753d5 5 bytes JMP 00000001003c0a08
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                 00000000762754c2 5 bytes JMP 00000001003c0c0c
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                 00000000762755e2 5 bytes JMP 00000001003c0e10
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                        000000007627567c 5 bytes JMP 00000001003c01f8
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                        000000007627589f 5 bytes JMP 00000001003c03fc
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                         0000000076275a22 5 bytes JMP 00000001003c0600
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                        0000000074bcee09 5 bytes JMP 00000001003d01f8
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                         0000000074bd3982 5 bytes JMP 00000001003d03fc
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                      0000000074bd7603 5 bytes JMP 00000001003d0804
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                      0000000074bd835c 5 bytes JMP 00000001003d0600
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                    0000000074bef52b 5 bytes JMP 00000001003d0a08
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                               0000000074f71401 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                 0000000074f71419 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                               0000000074f71431 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                               0000000074f7144a 2 bytes [F7, 74]
.text    ...                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                  0000000074f714dd 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                           0000000074f714f5 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                  0000000074f7150d 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                           0000000074f71525 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                 0000000074f7153d 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                      0000000074f71555 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                               0000000074f7156d 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                 0000000074f71585 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                    0000000074f7159d 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                 0000000074f715b5 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                               0000000074f715cd 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                           0000000074f716b2 2 bytes [F7, 74]
.text    C:\Program Files (x86)\uTorrent\uTorrent.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                           0000000074f716bd 2 bytes [F7, 74]
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                 0000000077163ae0 5 bytes JMP 000000010042075c
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                   0000000077167a90 5 bytes JMP 00000001004203a4
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                      0000000077191490 5 bytes JMP 0000000100420b14
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                          00000000771914f0 5 bytes JMP 0000000100420ecc
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           00000000771915d0 5 bytes JMP 000000010042163c
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                       0000000077191810 5 bytes JMP 0000000100421284
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                      000000007707eecd 1 byte [62]
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                   000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                       000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                       000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                      000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                      000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                             000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                             000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2644] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                              000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                        0000000077163ae0 5 bytes JMP 00000001003a075c
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                          0000000077167a90 5 bytes JMP 00000001003a03a4
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                              00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                       0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                             0000000077191490 5 bytes JMP 00000001003a0b14
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                 00000000771914f0 5 bytes JMP 00000001003a0ecc
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                            00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                        00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                  00000000771915d0 5 bytes JMP 00000001003a163c
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                       0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                         0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                    0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                       0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                     00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                      00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                              0000000077191810 5 bytes JMP 00000001003a1284
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                   0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                      00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                  00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                           0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                          0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                   0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                      0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                   0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                       0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                   0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                   0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                        0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                   00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                               00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                   00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                          0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                     0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                  0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                        00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                     00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                         0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                  0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                 0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                    0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                  0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                              0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                              0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                               0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                    0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                    0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                     0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                        0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                             000000007707eecd 1 byte [62]
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                          000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                              000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                              000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                             000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                             000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                    000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                    000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\system32\taskhost.exe[6104] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                     000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Windows\system32\SearchProtocolHost.exe[7108] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                   000000007707eecd 1 byte [62]
.text    C:\Windows\system32\SearchProtocolHost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\system32\SearchProtocolHost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                    000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\system32\SearchProtocolHost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                    000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\system32\SearchProtocolHost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                   000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\system32\SearchProtocolHost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                   000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\system32\SearchProtocolHost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                          000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\system32\SearchProtocolHost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                          000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\system32\SearchProtocolHost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                           000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                0000000077163ae0 3 bytes JMP 00000001003b075c
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 4                                                                            0000000077163ae4 1 byte [89]
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                  0000000077167a90 3 bytes JMP 00000001003b03a4
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 4                                                                              0000000077167a94 1 byte [89]
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                     0000000077191490 5 bytes JMP 00000001003b0b14
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                         00000000771914f0 5 bytes JMP 00000001003b0ecc
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          00000000771915d0 5 bytes JMP 00000001003b163c
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                      0000000077191810 5 bytes JMP 00000001003b1284
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                     000000007707eecd 1 byte [62]
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                  000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                      000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                      000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                     000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                     000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                            000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                            000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\system32\SearchFilterHost.exe[7144] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                             000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                 0000000077163ae0 5 bytes JMP 00000001001d075c
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                   0000000077167a90 5 bytes JMP 00000001001d03a4
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                       00000000771913c0 5 bytes JMP 00000000772f0440
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                0000000077191410 5 bytes JMP 00000000772f0430
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                      0000000077191490 5 bytes JMP 00000001001d0b14
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                          00000000771914f0 5 bytes JMP 00000001001d0ecc
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                     00000000771915c0 1 byte JMP 00000000772f0450
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2                                                                                 00000000771915c2 3 bytes {JMP 0x15ee90}
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                           00000000771915d0 5 bytes JMP 00000001001d163c
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                0000000077191680 5 bytes JMP 00000000772f0320
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                         00000000771916b0 5 bytes JMP 00000000772f0380
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                  0000000077191710 5 bytes JMP 00000000772f02e0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                             0000000077191760 5 bytes JMP 00000000772f0410
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                0000000077191790 5 bytes JMP 00000000772f02d0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                              00000000771917b0 5 bytes JMP 00000000772f0310
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                               00000000771917f0 5 bytes JMP 00000000772f0390
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                       0000000077191810 5 bytes JMP 00000001001d1284
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                            0000000077191840 5 bytes JMP 00000000772f03c0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                               00000000771919a0 1 byte JMP 00000000772f0230
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                                                                           00000000771919a2 3 bytes {JMP 0x15e890}
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                    0000000077191b60 5 bytes JMP 00000000772f0460
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                   0000000077191b90 5 bytes JMP 00000000772f0370
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                            0000000077191c70 5 bytes JMP 00000000772f02f0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                         0000000077191c80 5 bytes JMP 00000000772f0350
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                               0000000077191ce0 5 bytes JMP 00000000772f0290
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                            0000000077191d70 5 bytes JMP 00000000772f02b0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                             0000000077191d90 5 bytes JMP 00000000772f03a0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                0000000077191da0 1 byte JMP 00000000772f0330
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                                                                            0000000077191da2 3 bytes {JMP 0x15e590}
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                         0000000077191e10 5 bytes JMP 00000000772f03e0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                            0000000077191e40 5 bytes JMP 00000000772f0240
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                 0000000077192100 5 bytes JMP 00000000772f01e0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                            00000000771921c0 1 byte JMP 00000000772f0250
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                                                                        00000000771921c2 3 bytes {JMP 0x15e090}
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                            00000000771921f0 5 bytes JMP 00000000772f0470
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                   0000000077192200 5 bytes JMP 00000000772f0480
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                              0000000077192230 5 bytes JMP 00000000772f0300
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                           0000000077192240 5 bytes JMP 00000000772f0360
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                 00000000771922a0 5 bytes JMP 00000000772f02a0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                              00000000771922f0 5 bytes JMP 00000000772f02c0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                  0000000077192330 5 bytes JMP 00000000772f0340
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                           0000000077192620 5 bytes JMP 00000000772f0420
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                          0000000077192820 5 bytes JMP 00000000772f0260
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                             0000000077192830 5 bytes JMP 00000000772f0270
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                           0000000077192840 1 byte JMP 00000000772f03d0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2                                                                                       0000000077192842 3 bytes {JMP 0x15db90}
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                       0000000077192a00 5 bytes JMP 00000000772f01f0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                        0000000077192a10 5 bytes JMP 00000000772f0210
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                             0000000077192a80 5 bytes JMP 00000000772f0200
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                             0000000077192ae0 5 bytes JMP 00000000772f03f0
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                              0000000077192af0 5 bytes JMP 00000000772f0400
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                         0000000077192b00 5 bytes JMP 00000000772f0220
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                 0000000077192be0 5 bytes JMP 00000000772f0280
.text    C:\Windows\explorer.exe[3512] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                                      000000007707eecd 1 byte [62]
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                                   000007fefdbd6e00 5 bytes JMP 000007ff7dbf1dac
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                                       000007fefdbd6f2c 5 bytes JMP 000007ff7dbf0ecc
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                                       000007fefdbd7220 5 bytes JMP 000007ff7dbf1284
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                                      000007fefdbd739c 5 bytes JMP 000007ff7dbf163c
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                                      000007fefdbd7538 5 bytes JMP 000007ff7dbf19f4
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                             000007fefdbd75e8 5 bytes JMP 000007ff7dbf03a4
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                             000007fefdbd790c 5 bytes JMP 000007ff7dbf075c
.text    C:\Windows\explorer.exe[3512] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                              000007fefdbd7ab4 5 bytes JMP 000007ff7dbf0b14
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                              000000007733faa0 5 bytes JMP 0000000100030600
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                  000000007733fb38 5 bytes JMP 0000000100030804
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                   000000007733fc90 5 bytes JMP 0000000100030c0c
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                               0000000077340018 5 bytes JMP 0000000100030a08
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                           000000007735c45a 5 bytes JMP 00000001000301f8
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                         0000000077361217 5 bytes JMP 00000001000303fc
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                              0000000074e3a30a 1 byte [62]
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                           0000000076275181 5 bytes JMP 0000000100241014
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                               0000000076275254 5 bytes JMP 0000000100240804
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                               00000000762753d5 5 bytes JMP 0000000100240a08
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                              00000000762754c2 5 bytes JMP 0000000100240c0c
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                              00000000762755e2 5 bytes JMP 0000000100240e10
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                                     000000007627567c 5 bytes JMP 00000001002401f8
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                                     000000007627589f 5 bytes JMP 00000001002403fc
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                                      0000000076275a22 5 bytes JMP 0000000100240600
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                     0000000074bcee09 5 bytes JMP 00000001002501f8
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                                      0000000074bd3982 5 bytes JMP 00000001002503fc
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                   0000000074bd7603 5 bytes JMP 0000000100250804
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                   0000000074bd835c 5 bytes JMP 0000000100250600
.text    C:\Users\Armyt\Desktop\gmer.exe[6288] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                 0000000074bef52b 5 bytes JMP 0000000100250a08

---- Threads - GMER 2.0 ----

Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:1748]                                                                                                           0000000077372e25
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:1752]                                                                                                           000000007316345e
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:1764]                                                                                                           0000000076277587
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:1780]                                                                                                           0000000072eb8d60
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:1864]                                                                                                           0000000072d46fe0
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:1868]                                                                                                           0000000072d46900
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2332]                                                                                                           0000000072d3c220
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2336]                                                                                                           0000000072d3c220
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2340]                                                                                                           0000000072d3c220
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2344]                                                                                                           0000000072d3c220
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2348]                                                                                                           0000000072d3c220
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2352]                                                                                                           0000000072d3d470
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2356]                                                                                                           0000000072d3ca80
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2360]                                                                                                           0000000072d586a0
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2364]                                                                                                           0000000072d57480
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2368]                                                                                                           0000000072d57850
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2372]                                                                                                           0000000072d3e780
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2376]                                                                                                           0000000072d3e780
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2380]                                                                                                           0000000072d3e780
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2384]                                                                                                           0000000072d3e780
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2388]                                                                                                           0000000072d3e780
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2392]                                                                                                           00000000723012f0
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2396]                                                                                                           0000000072302c10
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2400]                                                                                                           0000000072302c10
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2404]                                                                                                           00000000722d1070
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2408]                                                                                                           000000007316345e
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2412]                                                                                                           000000007316345e
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2416]                                                                                                           0000000072241010
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2420]                                                                                                           00000000722212f0
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2424]                                                                                                           0000000072201000
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2428]                                                                                                           0000000072d47b60
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2432]                                                                                                           0000000072d3e280
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2436]                                                                                                           000000007316345e
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2440]                                                                                                           0000000072cf5400
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2444]                                                                                                           00000000722d16a0
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2448]                                                                                                           00000000720e6120
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2460]                                                                                                           0000000072201280
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2476]                                                                                                           0000000071eb1670
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2480]                                                                                                           0000000071eb1840
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2488]                                                                                                           0000000072eb4290
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2492]                                                                                                           000000007316345e
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2504]                                                                                                           0000000072eb8650
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2512]                                                                                                           0000000072ec28c0
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2516]                                                                                                           0000000072ec6680
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2520]                                                                                                           0000000072eb9280
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2528]                                                                                                           0000000072ebb070
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2532]                                                                                                           0000000072ebb070
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2536]                                                                                                           0000000072ebb070
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2540]                                                                                                           0000000072ebb070
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2544]                                                                                                           0000000072ebb070
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2584]                                                                                                           0000000072ec0a60
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2588]                                                                                                           000000007316345e
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2920]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2924]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2928]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2932]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2936]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2940]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2944]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2948]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2952]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2956]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2960]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:2472]                                                                                                           00000000710924c7
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:3576]                                                                                                           000000007316345e
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:3580]                                                                                                           000000007316345e
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:3584]                                                                                                           000000007316345e
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:3588]                                                                                                           000000007316345e
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:3604]                                                                                                           0000000077373e45
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:788]                                                                                                            00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:5836]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:4588]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:1204]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:5440]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:5372]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:3796]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:4476]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:5760]                                                                                                           00000000731632ce
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:4860]                                                                                                           00000000722762ee
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:5524]                                                                                                           0000000077373e45
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:4336]                                                                                                           0000000077373e45
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:7136]                                                                                                           0000000077373e45
Thread   C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1628:4768]                                                                                                           0000000077373e45
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1812]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1816]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1820]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1824]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1828]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1832]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1836]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1840]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1844]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1848]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1852]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1856]                                                                                                            0000000072b98dc0
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1452]                                                                                                            0000000072b31180
Thread   C:\Program Files\AVAST Software\Avast\afwServ.exe [1768:1500]                                                                                                            0000000072bae3e0
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5060]                                                                                                           0000000065f2628d
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5072]                                                                                                           0000000065f252c2
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5076]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5080]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5084]                                                                                                           00000000722762ee
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5088]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5096]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5100]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5108]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5112]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5116]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4112]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4172]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4176]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4212]                                                                                                           0000000077372e25
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4148]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4152]                                                                                                           00000000744227e1
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4284]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:3364]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:3756]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:3764]                                                                                                           0000000072a432fb
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4312]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:500]                                                                                                            000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:3656]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4316]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:1308]                                                                                                           00000000745c27c1
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4364]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4812]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4868]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4936]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4944]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5696]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5700]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5704]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5708]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5712]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5716]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:3692]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:3548]                                                                                                           0000000074f242ed
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4416]                                                                                                           0000000077373e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5300]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:2972]                                                                                                           000000006650670b
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4600]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:900]                                                                                                            000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:7124]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:2964]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:6848]                                                                                                           0000000077377111
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:6192]                                                                                                           0000000077373e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:6932]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:6572]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:6552]                                                                                                           0000000077373e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:6796]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:6896]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:4344]                                                                                                           000000006948c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5012:5328]                                                                                                           0000000077373e45
Thread   C:\Program Files (x86)\Internet Explorer\IELowutil.exe [5360:5368]                                                                                                       0000000077372e25
Thread   C:\Program Files (x86)\Internet Explorer\IELowutil.exe [5360:5856]                                                                                                       0000000077373e45
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5992:336]                                                                                                   0000000065f252c2
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5992:4424]                                                                                                  000000006027eb50
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5992:5928]                                                                                                  000000006027eb50
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5992:4632]                                                                                                  0000000077372e25
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5992:5880]                                                                                                  0000000077373e45
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5992:5904]                                                                                                  000000006027eb50
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5992:3208]                                                                                                  000000006027eb50
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5992:3220]                                                                                                  00000000744227e1
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5992:4040]                                                                                                  0000000077377111
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5992:6308]                                                                                                  0000000077373e45
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5992:7008]                                                                                                  0000000077373e45

---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files\AVAST Software\Avast\afwServ.exe [1768]                                                                                        0000000073240000
Library  ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3324]                                                                                                          000007fee7360000
Library  ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [6104]                                                                                                         000007fefd440000

---- EOF - GMER 2.0 ----
