GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-20 15:44:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0004 465,76GB
Running: aaaa.exe; Driver: C:\Users\HP\AppData\Local\Temp\pxldipoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                  0000000077ad1360 5 bytes JMP 0000000100040460
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                           0000000077ad13b0 5 bytes JMP 0000000100040450
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                           0000000077ad1510 5 bytes JMP 0000000100040370
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                0000000077ad1560 5 bytes JMP 0000000100040470
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                      0000000077ad1570 5 bytes JMP 00000001000403e0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                           0000000077ad1620 5 bytes JMP 0000000100040320
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                    0000000077ad1650 5 bytes JMP 00000001000403b0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                       0000000077ad1670 5 bytes JMP 0000000100040390
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                             0000000077ad16b0 5 bytes JMP 00000001000402e0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                           0000000077ad1730 5 bytes JMP 00000001000402d0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                         0000000077ad1750 5 bytes JMP 0000000100040310
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                          0000000077ad1790 5 bytes JMP 00000001000403c0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                       0000000077ad17e0 5 bytes JMP 00000001000403f0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                          0000000077ad1940 5 bytes JMP 0000000100040230
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                               0000000077ad1b00 5 bytes JMP 0000000100040480
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                              0000000077ad1b30 5 bytes JMP 00000001000403a0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                       0000000077ad1c10 5 bytes JMP 00000001000402f0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                    0000000077ad1c20 5 bytes JMP 0000000100040350
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                          0000000077ad1c80 5 bytes JMP 0000000100040290
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                       0000000077ad1d10 5 bytes JMP 00000001000402b0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                        0000000077ad1d30 5 bytes JMP 00000001000403d0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                           0000000077ad1d40 5 bytes JMP 0000000100040330
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                    0000000077ad1db0 5 bytes JMP 0000000100040410
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                       0000000077ad1de0 5 bytes JMP 0000000100040240
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                            0000000077ad20a0 5 bytes JMP 00000001000401e0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                       0000000077ad2160 5 bytes JMP 0000000100040250
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                       0000000077ad2190 5 bytes JMP 0000000100040490
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                              0000000077ad21a0 5 bytes JMP 00000001000404a0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                         0000000077ad21d0 5 bytes JMP 0000000100040300
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                      0000000077ad21e0 5 bytes JMP 0000000100040360
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                            0000000077ad2240 5 bytes JMP 00000001000402a0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                         0000000077ad2290 5 bytes JMP 00000001000402c0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                            0000000077ad22c0 5 bytes JMP 0000000100040380
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                             0000000077ad22d0 5 bytes JMP 0000000100040340
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                      0000000077ad25c0 5 bytes JMP 0000000100040440
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                     0000000077ad27c0 5 bytes JMP 0000000100040260
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                        0000000077ad27d0 5 bytes JMP 0000000100040270
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                      0000000077ad27e0 5 bytes JMP 0000000100040400
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                  0000000077ad29a0 5 bytes JMP 00000001000401f0
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                   0000000077ad29b0 5 bytes JMP 0000000100040210
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                        0000000077ad2a20 5 bytes JMP 0000000100040200
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                        0000000077ad2a80 5 bytes JMP 0000000100040420
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                         0000000077ad2a90 5 bytes JMP 0000000100040430
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                    0000000077ad2aa0 5 bytes JMP 0000000100040220
.text   C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                            0000000077ad2b80 5 bytes JMP 0000000100040280
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                  0000000077ad1360 5 bytes JMP 0000000149de0460
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                           0000000077ad13b0 5 bytes JMP 0000000149de0450
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                           0000000077ad1510 5 bytes JMP 0000000149de0370
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                0000000077ad1560 5 bytes JMP 0000000149de0470
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                      0000000077ad1570 5 bytes JMP 0000000149de03e0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                           0000000077ad1620 5 bytes JMP 0000000149de0320
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                    0000000077ad1650 5 bytes JMP 0000000149de03b0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                       0000000077ad1670 5 bytes JMP 0000000149de0390
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                             0000000077ad16b0 5 bytes JMP 0000000149de02e0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                           0000000077ad1730 5 bytes JMP 0000000149de02d0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                         0000000077ad1750 5 bytes JMP 0000000149de0310
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                          0000000077ad1790 5 bytes JMP 0000000149de03c0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                       0000000077ad17e0 5 bytes JMP 0000000149de03f0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                          0000000077ad1940 5 bytes JMP 0000000149de0230
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                               0000000077ad1b00 5 bytes JMP 0000000149de0480
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                              0000000077ad1b30 5 bytes JMP 0000000149de03a0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                       0000000077ad1c10 5 bytes JMP 0000000149de02f0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                    0000000077ad1c20 5 bytes JMP 0000000149de0350
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                          0000000077ad1c80 5 bytes JMP 0000000149de0290
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                       0000000077ad1d10 5 bytes JMP 0000000149de02b0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                        0000000077ad1d30 5 bytes JMP 0000000149de03d0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                           0000000077ad1d40 5 bytes JMP 0000000149de0330
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                    0000000077ad1db0 5 bytes JMP 0000000149de0410
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                       0000000077ad1de0 5 bytes JMP 0000000149de0240
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                            0000000077ad20a0 5 bytes JMP 0000000149de01e0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                       0000000077ad2160 5 bytes JMP 0000000149de0250
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                       0000000077ad2190 5 bytes JMP 0000000149de0490
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                              0000000077ad21a0 5 bytes JMP 0000000149de04a0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                         0000000077ad21d0 5 bytes JMP 0000000149de0300
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                      0000000077ad21e0 5 bytes JMP 0000000149de0360
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                            0000000077ad2240 5 bytes JMP 0000000149de02a0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                         0000000077ad2290 5 bytes JMP 0000000149de02c0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                            0000000077ad22c0 5 bytes JMP 0000000149de0380
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                             0000000077ad22d0 5 bytes JMP 0000000149de0340
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                      0000000077ad25c0 5 bytes JMP 0000000149de0440
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                     0000000077ad27c0 5 bytes JMP 0000000149de0260
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                        0000000077ad27d0 5 bytes JMP 0000000149de0270
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                      0000000077ad27e0 5 bytes JMP 0000000149de0400
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                  0000000077ad29a0 5 bytes JMP 0000000149de01f0
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                   0000000077ad29b0 5 bytes JMP 0000000149de0210
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                        0000000077ad2a20 5 bytes JMP 0000000149de0200
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                        0000000077ad2a80 5 bytes JMP 0000000149de0420
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                         0000000077ad2a90 5 bytes JMP 0000000149de0430
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                    0000000077ad2aa0 5 bytes JMP 0000000149de0220
.text   C:\Windows\system32\csrss.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                            0000000077ad2b80 5 bytes JMP 0000000149de0280
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                         0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                     0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                           0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                         0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                        0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                            0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                     0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                  0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                        0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                     0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                         0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                  0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                     0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                     0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                     0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                       0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                    0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                          0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                       0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                          0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                           0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                    0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                   0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                      0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                 0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                      0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                       0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                          0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\wininit.exe[724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                               00000000779beecd 1 byte [62]
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              00000000779beecd 1 byte [62]
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\services.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\services.exe[820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              00000000779beecd 1 byte [62]
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                  0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                           0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                           0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                      0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                           0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                    0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                       0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                             0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                           0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                         0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                          0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                       0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                          0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                               0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                              0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                       0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                    0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                          0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                       0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                        0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                           0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                    0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                       0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                            0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                       0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                       0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                              0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                         0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                      0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                            0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                         0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                            0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                             0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                      0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                     0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                        0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                      0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                  0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                   0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                        0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                        0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                         0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                    0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                            0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\lsass.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                 00000000779beecd 1 byte [62]
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                    0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                             0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                             0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                  0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                        0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                             0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                      0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                         0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                               0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                             0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                           0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                            0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                         0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                            0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                 0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                         0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                      0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                            0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                         0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                          0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                             0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                      0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                         0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                              0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                         0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                         0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                           0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                        0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                              0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                           0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                              0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                               0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                        0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                       0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                          0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                        0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                    0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                     0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                          0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                          0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                           0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                      0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\lsm.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                              0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                0000000077ad1360 5 bytes JMP 0000000100070460
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         0000000077ad13b0 5 bytes JMP 0000000100070450
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                         0000000077ad1510 5 bytes JMP 0000000100070370
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              0000000077ad1560 5 bytes JMP 0000000100070470
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    0000000077ad1570 5 bytes JMP 00000001000703e0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077ad1620 5 bytes JMP 0000000100070320
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  0000000077ad1650 5 bytes JMP 00000001000703b0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                     0000000077ad1670 5 bytes JMP 0000000100070390
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                           0000000077ad16b0 5 bytes JMP 00000001000702e0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                         0000000077ad1730 5 bytes JMP 00000001000702d0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       0000000077ad1750 5 bytes JMP 0000000100070310
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        0000000077ad1790 5 bytes JMP 00000001000703c0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077ad17e0 5 bytes JMP 00000001000703f0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                        0000000077ad1940 5 bytes JMP 0000000100070230
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077ad1b00 5 bytes JMP 0000000100070480
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                            0000000077ad1b30 5 bytes JMP 00000001000703a0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                     0000000077ad1c10 5 bytes JMP 00000001000702f0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                  0000000077ad1c20 5 bytes JMP 0000000100070350
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                        0000000077ad1c80 5 bytes JMP 0000000100070290
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                     0000000077ad1d10 5 bytes JMP 00000001000702b0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077ad1d30 5 bytes JMP 00000001000703d0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                         0000000077ad1d40 5 bytes JMP 0000000100070330
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                  0000000077ad1db0 5 bytes JMP 0000000100070410
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                     0000000077ad1de0 5 bytes JMP 0000000100070240
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077ad20a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                     0000000077ad2160 5 bytes JMP 0000000100070250
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                     0000000077ad2190 5 bytes JMP 0000000100070490
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077ad21a0 5 bytes JMP 00000001000704a0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                       0000000077ad21d0 5 bytes JMP 0000000100070300
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                    0000000077ad21e0 5 bytes JMP 0000000100070360
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                          0000000077ad2240 5 bytes JMP 00000001000702a0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                       0000000077ad2290 5 bytes JMP 00000001000702c0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                          0000000077ad22c0 5 bytes JMP 0000000100070380
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                           0000000077ad22d0 5 bytes JMP 0000000100070340
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                    0000000077ad25c0 5 bytes JMP 0000000100070440
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                   0000000077ad27c0 5 bytes JMP 0000000100070260
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                      0000000077ad27d0 5 bytes JMP 0000000100070270
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    0000000077ad27e0 5 bytes JMP 0000000100070400
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077ad29a0 5 bytes JMP 00000001000701f0
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                 0000000077ad29b0 5 bytes JMP 0000000100070210
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077ad2a20 5 bytes JMP 0000000100070200
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                      0000000077ad2a80 5 bytes JMP 0000000100070420
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                       0000000077ad2a90 5 bytes JMP 0000000100070430
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077ad2aa0 5 bytes JMP 0000000100070220
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                          0000000077ad2b80 5 bytes JMP 0000000100070280
.text   C:\Windows\system32\svchost.exe[928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                               00000000779beecd 1 byte [62]
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                         0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                     0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                           0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                         0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                        0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                            0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                     0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                  0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                        0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                     0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                         0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                  0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                     0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                     0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                     0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                       0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                    0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                          0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                       0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                          0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                           0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                    0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                   0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                      0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                 0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                      0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                       0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                          0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\nvvsvc.exe[1004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                               00000000779beecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                         0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                     0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                           0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                         0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                        0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                            0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                     0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                  0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                        0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                     0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                         0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                  0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                     0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                     0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                     0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                       0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                    0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                          0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                       0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                          0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                           0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                    0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                   0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                      0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                 0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                      0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                       0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\svchost.exe[172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                          0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                         0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                     0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                           0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                         0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                        0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                            0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                     0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                  0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                        0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                     0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                         0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                  0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                     0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                     0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                     0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                       0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                    0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                          0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                       0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                          0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                           0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                    0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                   0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                      0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                 0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                      0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                       0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                          0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\System32\svchost.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                               00000000779beecd 1 byte [62]
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              00000000779beecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\svchost.exe[1084] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              00000000779beecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              00000000779beecd 1 byte [62]
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                         0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                  0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                  0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                       0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                             0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                  0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                           0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                              0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                    0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                  0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                 0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                              0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                 0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                      0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                     0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                              0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                           0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                 0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                              0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                               0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                  0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                           0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                              0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                   0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                              0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                              0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                     0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                             0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                   0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                   0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                    0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                             0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                            0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                               0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                             0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                         0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                          0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                               0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                               0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                           0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                   0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Program Files\IDT\WDM\STacSV64.exe[1132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                        00000000779beecd 1 byte [62]
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                          0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                   0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                   0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                        0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                              0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                   0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                            0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                               0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                     0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                   0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                 0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                  0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                               0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                  0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                       0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                      0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                               0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                            0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                  0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                               0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                   0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                            0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                               0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                    0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                               0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                               0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                      0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                 0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                              0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                    0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                 0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                    0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                     0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                              0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                             0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                              0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                          0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                           0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                 0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                            0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\vcsFPService.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                    0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              00000000779beecd 1 byte [62]
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\System32\spoolsv.exe[1388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              00000000779beecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\svchost.exe[1832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              00000000779beecd 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                 0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                 0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2136] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                           0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2136] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                         0000000076f51465 2 bytes [F5, 76]
.text   C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2136] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                        0000000076f514bb 2 bytes [F5, 76]
.text   ...                                                                                                                                                                      * 2
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                             0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                             0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                           0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                            0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                              0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                              0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                       0000000077ad1360 5 bytes JMP 0000000077c30460
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                0000000077ad1510 5 bytes JMP 0000000077c30370
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                     0000000077ad1560 5 bytes JMP 0000000077c30470
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                0000000077ad1620 5 bytes JMP 0000000077c30320
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                         0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                            0000000077ad1670 5 bytes JMP 0000000077c30390
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                  0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                              0000000077ad1750 5 bytes JMP 0000000077c30310
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                               0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                            0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                               0000000077ad1940 5 bytes JMP 0000000077c30230
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                    0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                   0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                            0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                         0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                               0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                            0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                             0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                         0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                            0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                 0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                            0000000077ad2160 5 bytes JMP 0000000077c30250
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                            0000000077ad2190 5 bytes JMP 0000000077c30490
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                   0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                              0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                           0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                 0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                              0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                 0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                  0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                           0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                          0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                             0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                           0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                       0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                        0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                             0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                             0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                              0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                         0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                 0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2296] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                      00000000779beecd 1 byte [62]
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2360] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe[2404] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                 0000000076f9a2ba 1 byte [62]
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                             0000000077ad1360 5 bytes JMP 0000000077c30460
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                      0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                      0000000077ad1510 5 bytes JMP 0000000077c30370
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                           0000000077ad1560 5 bytes JMP 0000000077c30470
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                 0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                      0000000077ad1620 5 bytes JMP 0000000077c30320
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                               0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                  0000000077ad1670 5 bytes JMP 0000000077c30390
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                        0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                      0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                    0000000077ad1750 5 bytes JMP 0000000077c30310
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                     0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                  0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                     0000000077ad1940 5 bytes JMP 0000000077c30230
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                          0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                         0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                  0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                               0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                     0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                  0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                   0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                      0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                               0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                  0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                       0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                  0000000077ad2160 5 bytes JMP 0000000077c30250
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                  0000000077ad2190 5 bytes JMP 0000000077c30490
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                         0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                    0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                 0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                       0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                    0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                       0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                        0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                 0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                   0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                             0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                              0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                   0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                   0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                    0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                               0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   c:\Program Files\Intel\iCLS Client\HeciServer.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                       0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2472] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                       0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe[2508] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                              0000000076f9a2ba 1 byte [62]
.text   C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe[2556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\PDF Architect\HelperService.exe[2588] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                       0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\PDF Architect\ConversionService.exe[2644] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                   0000000076f9a2ba 1 byte [62]
.text   C:\Windows\system32\svchost.exe[2836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              00000000779beecd 1 byte [62]
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\STARTV~1.EXE[2924] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                     0000000076f9a2ba 1 byte [62]
.text   C:\Windows\system32\wbem\unsecapp.exe[3128] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                     000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\system32\wbem\unsecapp.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                         000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\system32\wbem\unsecapp.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                         000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\system32\wbem\unsecapp.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                        000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\system32\wbem\unsecapp.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                        000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\system32\wbem\unsecapp.exe[3128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                               000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\system32\wbem\unsecapp.exe[3128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                               000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\system32\wbem\unsecapp.exe[3128] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\system32\wbem\wmiprvse.exe[3352] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                     000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\system32\wbem\wmiprvse.exe[3352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                         000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\system32\wbem\wmiprvse.exe[3352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                         000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\system32\wbem\wmiprvse.exe[3352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                        000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\system32\wbem\wmiprvse.exe[3352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                        000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\system32\wbem\wmiprvse.exe[3352] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                               000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\system32\wbem\wmiprvse.exe[3352] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                               000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\system32\wbem\wmiprvse.exe[3352] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                   0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                       0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                        0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                    0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                        0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                              0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                   0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                0000000076a45181 5 bytes JMP 00000001001d1014
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                    0000000076a45254 5 bytes JMP 00000001001d0804
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                    0000000076a453d5 5 bytes JMP 00000001001d0a08
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                   0000000076a454c2 5 bytes JMP 00000001001d0c0c
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                   0000000076a455e2 5 bytes JMP 00000001001d0e10
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                          0000000076a4567c 5 bytes JMP 00000001001d01f8
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                          0000000076a4589f 5 bytes JMP 00000001001d03fc
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                           0000000076a45a22 5 bytes JMP 00000001001d0600
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                          0000000075aaee09 5 bytes JMP 00000001001e01f8
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                           0000000075ab3982 5 bytes JMP 00000001001e03fc
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                        0000000075ab7603 5 bytes JMP 00000001001e0804
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                        0000000075ab835c 5 bytes JMP 00000001001e0600
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                      0000000075acf52b 5 bytes JMP 00000001001e0a08
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000076f51465 2 bytes [F5, 76]
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                0000000076f514bb 2 bytes [F5, 76]
.text   ...                                                                                                                                                                      * 2
.text   C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                           000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                               000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                               000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                              000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                              000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                     000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                     000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                      000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                         0000000077aa3b10 5 bytes JMP 00000001001a075c
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                           0000000077aa7ac0 5 bytes JMP 00000001001a03a4
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                              0000000077ad1430 5 bytes JMP 00000001001a0b14
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                  0000000077ad1490 5 bytes JMP 00000001001a0ecc
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 00000001001a163c
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                               0000000077ad17b0 5 bytes JMP 00000001001a1284
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 00000001001a19f4
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                           000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                               000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                               000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                              000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                              000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                     000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                     000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\system32\svchost.exe[4152] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                      000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\System32\WUDFHost.exe[4336] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                          000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\System32\WUDFHost.exe[4336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                              000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\System32\WUDFHost.exe[4336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                              000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\System32\WUDFHost.exe[4336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                             000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\System32\WUDFHost.exe[4336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                             000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\System32\WUDFHost.exe[4336] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                    000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\System32\WUDFHost.exe[4336] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                    000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\System32\WUDFHost.exe[4336] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                     000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                   0000000077aa3b10 5 bytes JMP 00000001001e075c
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                     0000000077aa7ac0 5 bytes JMP 00000001001e03a4
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                         0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                  0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                        0000000077ad1430 5 bytes JMP 00000001001e0b14
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                            0000000077ad1490 5 bytes JMP 00000001001e0ecc
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                  0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                       0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                             0000000077ad1570 5 bytes JMP 00000001001e163c
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                  0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                           0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                              0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                    0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                  0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                 0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                         0000000077ad17b0 5 bytes JMP 00000001001e1284
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                              0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                 0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                      0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                     0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                              0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                           0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                 0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                              0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                               0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                  0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                           0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                              0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                   0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                              0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                              0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                     0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                             0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                   0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                   0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                    0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                             0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                            0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                               0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                             0000000077ad27e0 5 bytes JMP 00000001001e19f4
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                         0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                          0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                               0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                               0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                           0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                   0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                        00000000779beecd 1 byte [62]
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                     000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                         000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                         000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                        000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                        000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                               000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                               000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\system32\SearchIndexer.exe[4968] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                            0000000077aa3b10 5 bytes JMP 000000010035075c
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                              0000000077aa7ac0 5 bytes JMP 00000001003503a4
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                  0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                           0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                 0000000077ad1430 5 bytes JMP 0000000100350b14
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                     0000000077ad1490 5 bytes JMP 0000000100350ecc
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                           0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      0000000077ad1570 5 bytes JMP 000000010035163c
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                           0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                       0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                             0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                           0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                         0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                          0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                  0000000077ad17b0 5 bytes JMP 0000000100351284
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                       0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                          0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                               0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                              0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                       0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                    0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                          0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                       0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                           0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                    0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                       0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                            0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                       0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                       0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                              0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                         0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                      0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                            0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                         0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                            0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                             0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                      0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                     0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                        0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      0000000077ad27e0 5 bytes JMP 00000001003519f4
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                  0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                   0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                        0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                        0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                         0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                    0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                            0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                 00000000779beecd 1 byte [62]
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                              000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                  000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                  000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                 000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                 000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                        000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                        000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1592] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                         000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077aa3b10 5 bytes JMP 00000001001e075c
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                  0000000077aa7ac0 5 bytes JMP 00000001001e03a4
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                      0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                               0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                     0000000077ad1430 5 bytes JMP 00000001001e0b14
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                         0000000077ad1490 5 bytes JMP 00000001001e0ecc
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                               0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                    0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077ad1570 5 bytes JMP 00000001001e163c
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                        0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                           0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                 0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                               0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                      0000000077ad17b0 5 bytes JMP 00000001001e1284
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                              0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                  0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                           0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                        0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                              0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                           0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                               0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                        0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                           0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                           0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                           0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                  0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                             0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                          0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                             0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                 0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                          0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                         0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                            0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          0000000077ad27e0 5 bytes JMP 00000001001e19f4
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                       0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                            0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                             0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                     00000000779beecd 1 byte [62]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                  000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                      000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                      000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                     000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                     000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                            000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                            000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4608] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                             000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                          0000000077aa3b10 5 bytes JMP 000000010037075c
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                            0000000077aa7ac0 5 bytes JMP 00000001003703a4
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                0000000077ad1360 5 bytes JMP 0000000100060460
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         0000000077ad13b0 5 bytes JMP 0000000100060450
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                               0000000077ad1430 5 bytes JMP 0000000100370b14
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                   0000000077ad1490 5 bytes JMP 0000000100370ecc
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                         0000000077ad1510 5 bytes JMP 0000000100060370
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              0000000077ad1560 5 bytes JMP 0000000100060470
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    0000000077ad1570 5 bytes JMP 000000010037163c
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077ad1620 5 bytes JMP 0000000100060320
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  0000000077ad1650 5 bytes JMP 00000001000603b0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                     0000000077ad1670 5 bytes JMP 0000000100060390
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                           0000000077ad16b0 5 bytes JMP 00000001000602e0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                         0000000077ad1730 5 bytes JMP 00000001000602d0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       0000000077ad1750 5 bytes JMP 0000000100060310
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        0000000077ad1790 5 bytes JMP 00000001000603c0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                0000000077ad17b0 5 bytes JMP 0000000100371284
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077ad17e0 5 bytes JMP 00000001000603f0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                        0000000077ad1940 5 bytes JMP 0000000100060230
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077ad1b00 5 bytes JMP 0000000100060480
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                            0000000077ad1b30 5 bytes JMP 00000001000603a0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                     0000000077ad1c10 5 bytes JMP 00000001000602f0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                  0000000077ad1c20 5 bytes JMP 0000000100060350
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                        0000000077ad1c80 5 bytes JMP 0000000100060290
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                     0000000077ad1d10 5 bytes JMP 00000001000602b0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077ad1d30 5 bytes JMP 00000001000603d0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                         0000000077ad1d40 5 bytes JMP 0000000100060330
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                  0000000077ad1db0 5 bytes JMP 0000000100060410
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                     0000000077ad1de0 5 bytes JMP 0000000100060240
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077ad20a0 5 bytes JMP 00000001000601e0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                     0000000077ad2160 5 bytes JMP 0000000100060250
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                     0000000077ad2190 5 bytes JMP 0000000100060490
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                            0000000077ad21a0 5 bytes JMP 00000001000604a0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                       0000000077ad21d0 5 bytes JMP 0000000100060300
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                    0000000077ad21e0 5 bytes JMP 0000000100060360
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                          0000000077ad2240 5 bytes JMP 00000001000602a0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                       0000000077ad2290 5 bytes JMP 00000001000602c0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                          0000000077ad22c0 5 bytes JMP 0000000100060380
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                           0000000077ad22d0 5 bytes JMP 0000000100060340
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                    0000000077ad25c0 5 bytes JMP 0000000100060440
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                   0000000077ad27c0 5 bytes JMP 0000000100060260
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                      0000000077ad27d0 5 bytes JMP 0000000100060270
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    0000000077ad27e0 5 bytes JMP 00000001003719f4
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077ad29a0 5 bytes JMP 00000001000601f0
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                 0000000077ad29b0 5 bytes JMP 0000000100060210
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077ad2a20 5 bytes JMP 0000000100060200
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                      0000000077ad2a80 5 bytes JMP 0000000100060420
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                       0000000077ad2a90 5 bytes JMP 0000000100060430
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077ad2aa0 5 bytes JMP 0000000100060220
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                          0000000077ad2b80 5 bytes JMP 0000000100060280
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                               00000000779beecd 1 byte [62]
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                            000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                                000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                                000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                               000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                               000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                      000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                      000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\system32\nvvsvc.exe[5104] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                       000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077aa3b10 5 bytes JMP 00000001002b075c
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                  0000000077aa7ac0 5 bytes JMP 00000001002b03a4
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                      0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                               0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                     0000000077ad1430 5 bytes JMP 00000001002b0b14
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                         0000000077ad1490 5 bytes JMP 00000001002b0ecc
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                               0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                    0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077ad1570 5 bytes JMP 00000001002b163c
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                        0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                           0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                 0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                               0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                      0000000077ad17b0 5 bytes JMP 00000001002b1284
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                              0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                  0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                           0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                        0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                              0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                           0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                               0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                        0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                           0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                           0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                           0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                  0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                             0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                          0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                             0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                 0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                          0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                         0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                            0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          0000000077ad27e0 5 bytes JMP 00000001002b19f4
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                       0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                            0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                             0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                     00000000779beecd 1 byte [62]
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                  000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                      000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                      000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                     000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                     000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                            000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                            000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1428] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                             000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                  0000000077aa3b10 5 bytes JMP 00000001002e075c
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077aa7ac0 5 bytes JMP 00000001002e03a4
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                        0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                 0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                       0000000077ad1430 5 bytes JMP 00000001002e0b14
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                           0000000077ad1490 5 bytes JMP 00000001002e0ecc
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                 0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                      0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                            0000000077ad1570 5 bytes JMP 00000001002e163c
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                 0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                          0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                             0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                   0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                 0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                               0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                        0000000077ad17b0 5 bytes JMP 00000001002e1284
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                             0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                     0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                    0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                             0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                          0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                             0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                              0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                 0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                          0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                             0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                  0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                             0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                             0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                    0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                               0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                            0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                  0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                               0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                  0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                   0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                            0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                           0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                              0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                            0000000077ad27e0 5 bytes JMP 00000001002e19f4
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                        0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                         0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                              0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                              0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                               0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                          0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                  0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                       00000000779beecd 1 byte [62]
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                    000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                        000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                        000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                       000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                       000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                              000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                              000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2532] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                               000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                          0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                              0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                               0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                           0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                               0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                       0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                     0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                          0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                       0000000076a45181 5 bytes JMP 00000001000a1014
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                           0000000076a45254 5 bytes JMP 00000001000a0804
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                           0000000076a453d5 5 bytes JMP 00000001000a0a08
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                          0000000076a454c2 5 bytes JMP 00000001000a0c0c
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                          0000000076a455e2 5 bytes JMP 00000001000a0e10
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                 0000000076a4567c 5 bytes JMP 00000001000a01f8
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                 0000000076a4589f 5 bytes JMP 00000001000a03fc
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\SysWOW64\sechost.dll!DeleteService                                  0000000076a45a22 5 bytes JMP 00000001000a0600
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                 0000000075aaee09 5 bytes JMP 00000001001601f8
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                  0000000075ab3982 5 bytes JMP 00000001001603fc
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                               0000000075ab7603 5 bytes JMP 0000000100160804
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                               0000000075ab835c 5 bytes JMP 0000000100160600
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3144] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                             0000000075acf52b 5 bytes JMP 0000000100160a08
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                               0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                   0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                    0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                    0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                            0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                          0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                               0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                            0000000076a45181 5 bytes JMP 00000001000a1014
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                0000000076a45254 5 bytes JMP 00000001000a0804
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                0000000076a453d5 5 bytes JMP 00000001000a0a08
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                               0000000076a454c2 5 bytes JMP 00000001000a0c0c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                               0000000076a455e2 5 bytes JMP 00000001000a0e10
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                      0000000076a4567c 5 bytes JMP 00000001000a01f8
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                      0000000076a4589f 5 bytes JMP 00000001000a03fc
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\SysWOW64\sechost.dll!DeleteService                                       0000000076a45a22 5 bytes JMP 00000001000a0600
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                      0000000075aaee09 5 bytes JMP 00000001000b01f8
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                       0000000075ab3982 5 bytes JMP 00000001000b03fc
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                    0000000075ab7603 5 bytes JMP 00000001000b0804
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                    0000000075ab835c 5 bytes JMP 00000001000b0600
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3560] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                  0000000075acf52b 5 bytes JMP 00000001000b0a08
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                         0000000077aa3b10 5 bytes JMP 000000010018075c
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                           0000000077aa7ac0 5 bytes JMP 00000001001803a4
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                              0000000077ad1430 5 bytes JMP 0000000100180b14
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                  0000000077ad1490 5 bytes JMP 0000000100180ecc
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 000000010018163c
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                               0000000077ad17b0 5 bytes JMP 0000000100181284
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 00000001001819f4
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                              00000000779beecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                           000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                               000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                               000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                              000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                              000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                     000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                     000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\system32\svchost.exe[4128] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                      000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                         0000000077aa3b10 5 bytes JMP 00000001003e075c
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                           0000000077aa7ac0 5 bytes JMP 00000001003e03a4
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000100070460
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000100070450
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                              0000000077ad1430 5 bytes JMP 00000001003e0b14
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                  0000000077ad1490 5 bytes JMP 00000001003e0ecc
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000100070370
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000100070470
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 00000001003e163c
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000100070320
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 00000001000703b0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000100070390
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 00000001000702e0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 00000001000702d0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000100070310
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 00000001000703c0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                               0000000077ad17b0 5 bytes JMP 00000001003e1284
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 00000001000703f0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000100070230
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000100070480
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 00000001000703a0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 00000001000702f0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000100070350
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000100070290
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 00000001000702b0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 00000001000703d0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000100070330
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000100070410
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000100070240
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000100070250
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000100070490
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 00000001000704a0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000100070300
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000100070360
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 00000001000702a0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 00000001000702c0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000100070380
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000100070340
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000100070440
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000100070260
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000100070270
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 00000001003e19f4
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 00000001000701f0
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000100070210
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000100070200
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000100070420
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000100070430
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000100070220
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000100070280
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                           000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                               000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                               000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                              000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                              000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                     000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                     000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                      000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\system32\USER32.dll!UnhookWinEvent                                                                                      0000000077868550 5 bytes JMP 000000010050075c
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                                                                                 000000007786d440 5 bytes JMP 0000000100501284
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                                                   000000007786f874 5 bytes JMP 0000000100500ecc
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\system32\USER32.dll!SetWinEventHook                                                                                     0000000077874d4c 5 bytes JMP 00000001005003a4
.text   C:\Windows\System32\svchost.exe[3740] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                                                   0000000077888c20 5 bytes JMP 0000000100500b14
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                               0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                   0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                    0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                    0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                            0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                          0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                               0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                            0000000076a45181 5 bytes JMP 00000001001a1014
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                0000000076a45254 5 bytes JMP 00000001001a0804
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                0000000076a453d5 5 bytes JMP 00000001001a0a08
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                               0000000076a454c2 5 bytes JMP 00000001001a0c0c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                               0000000076a455e2 5 bytes JMP 00000001001a0e10
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                      0000000076a4567c 5 bytes JMP 00000001001a01f8
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                      0000000076a4589f 5 bytes JMP 00000001001a03fc
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\SysWOW64\sechost.dll!DeleteService                                       0000000076a45a22 5 bytes JMP 00000001001a0600
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                      0000000075aaee09 5 bytes JMP 00000001001b01f8
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                       0000000075ab3982 5 bytes JMP 00000001001b03fc
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                    0000000075ab7603 5 bytes JMP 00000001001b0804
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                    0000000075ab835c 5 bytes JMP 00000001001b0600
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3760] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                  0000000075acf52b 5 bytes JMP 00000001001b0a08
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                        0000000077aa3b10 5 bytes JMP 00000001002a075c
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                          0000000077aa7ac0 5 bytes JMP 00000001002a03a4
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                              0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                       0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                             0000000077ad1430 5 bytes JMP 00000001002a0b14
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                 0000000077ad1490 5 bytes JMP 00000001002a0ecc
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                       0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                            0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                  0000000077ad1570 5 bytes JMP 00000001002a163c
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                       0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                   0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                         0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                       0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                     0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                      0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                              0000000077ad17b0 5 bytes JMP 00000001002a1284
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                   0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                      0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                           0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                          0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                   0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                      0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                   0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                       0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                   0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                        0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                   0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                   0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                          0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                     0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                  0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                        0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                     0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                        0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                         0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                  0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                 0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                    0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                  0000000077ad27e0 5 bytes JMP 00000001002a19f4
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                              0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                               0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                    0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                    0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                     0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                        0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                             00000000779beecd 1 byte [62]
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                          000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                              000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                              000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                             000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                             000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                    000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                    000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\system32\taskhost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                     000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                             0000000077aa3b10 5 bytes JMP 000000010025075c
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                               0000000077aa7ac0 5 bytes JMP 00000001002503a4
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                  0000000077ad1430 5 bytes JMP 0000000100250b14
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                      0000000077ad1490 5 bytes JMP 0000000100250ecc
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                       0000000077ad1570 5 bytes JMP 000000010025163c
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                   0000000077ad17b0 5 bytes JMP 0000000100251284
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                       0000000077ad27e0 5 bytes JMP 00000001002519f4
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                                  00000000779beecd 1 byte [62]
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                               000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                                   000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                                   000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                                  000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                                  000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                         000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                         000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\system32\Dwm.exe[3476] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                          000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                 0000000077aa3b10 5 bytes JMP 00000001002f075c
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                   0000000077aa7ac0 5 bytes JMP 00000001002f03a4
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                       0000000077ad1360 5 bytes JMP 0000000100070460
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                0000000077ad13b0 5 bytes JMP 0000000100070450
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                      0000000077ad1430 5 bytes JMP 00000001002f0b14
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                          0000000077ad1490 5 bytes JMP 00000001002f0ecc
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                0000000077ad1510 5 bytes JMP 0000000100070370
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                     0000000077ad1560 5 bytes JMP 0000000100070470
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                           0000000077ad1570 5 bytes JMP 00000001002f163c
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                0000000077ad1620 5 bytes JMP 0000000100070320
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                         0000000077ad1650 5 bytes JMP 00000001000703b0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                            0000000077ad1670 5 bytes JMP 0000000100070390
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                  0000000077ad16b0 5 bytes JMP 00000001000702e0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                0000000077ad1730 5 bytes JMP 00000001000702d0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                              0000000077ad1750 5 bytes JMP 0000000100070310
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                               0000000077ad1790 5 bytes JMP 00000001000703c0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                       0000000077ad17b0 5 bytes JMP 00000001002f1284
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                            0000000077ad17e0 5 bytes JMP 00000001000703f0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                               0000000077ad1940 5 bytes JMP 0000000100070230
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                    0000000077ad1b00 5 bytes JMP 0000000100070480
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                   0000000077ad1b30 5 bytes JMP 00000001000703a0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                            0000000077ad1c10 5 bytes JMP 00000001000702f0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                         0000000077ad1c20 5 bytes JMP 0000000100070350
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                               0000000077ad1c80 5 bytes JMP 0000000100070290
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                            0000000077ad1d10 5 bytes JMP 00000001000702b0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                             0000000077ad1d30 5 bytes JMP 00000001000703d0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                0000000077ad1d40 5 bytes JMP 0000000100070330
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                         0000000077ad1db0 5 bytes JMP 0000000100070410
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                            0000000077ad1de0 5 bytes JMP 0000000100070240
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                 0000000077ad20a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                            0000000077ad2160 5 bytes JMP 0000000100070250
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                            0000000077ad2190 5 bytes JMP 0000000100070490
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                   0000000077ad21a0 5 bytes JMP 00000001000704a0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                              0000000077ad21d0 5 bytes JMP 0000000100070300
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                           0000000077ad21e0 5 bytes JMP 0000000100070360
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                 0000000077ad2240 5 bytes JMP 00000001000702a0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                              0000000077ad2290 5 bytes JMP 00000001000702c0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                 0000000077ad22c0 5 bytes JMP 0000000100070380
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                  0000000077ad22d0 5 bytes JMP 0000000100070340
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                           0000000077ad25c0 5 bytes JMP 0000000100070440
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                          0000000077ad27c0 5 bytes JMP 0000000100070260
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                             0000000077ad27d0 5 bytes JMP 0000000100070270
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                           0000000077ad27e0 5 bytes JMP 00000001002f19f4
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                       0000000077ad29a0 5 bytes JMP 00000001000701f0
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                        0000000077ad29b0 5 bytes JMP 0000000100070210
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                             0000000077ad2a20 5 bytes JMP 0000000100070200
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                             0000000077ad2a80 5 bytes JMP 0000000100070420
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                              0000000077ad2a90 5 bytes JMP 0000000100070430
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                         0000000077ad2aa0 5 bytes JMP 0000000100070220
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                 0000000077ad2b80 5 bytes JMP 0000000100070280
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                                      00000000779beecd 1 byte [62]
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                                   000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                                       000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                                       000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                                      000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                                      000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                             000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                             000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\Explorer.EXE[5144] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                              000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Program Files\IDT\WDM\sttray64.exe[5932] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                        00000000779beecd 1 byte [62]
.text   C:\Program Files\IDT\WDM\sttray64.exe[5932] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                     000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Program Files\IDT\WDM\sttray64.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                         000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Program Files\IDT\WDM\sttray64.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                         000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Program Files\IDT\WDM\sttray64.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                        000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Program Files\IDT\WDM\sttray64.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                        000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Program Files\IDT\WDM\sttray64.exe[5932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                               000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Program Files\IDT\WDM\sttray64.exe[5932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                               000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Program Files\IDT\WDM\sttray64.exe[5932] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                           0000000077aa3b10 5 bytes JMP 00000001001a075c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                             0000000077aa7ac0 5 bytes JMP 00000001001a03a4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                 0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                          0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                0000000077ad1430 5 bytes JMP 00000001001a0b14
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                    0000000077ad1490 5 bytes JMP 00000001001a0ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                               0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     0000000077ad1570 5 bytes JMP 00000001001a163c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                      0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                            0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                          0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                        0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                         0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                 0000000077ad17b0 5 bytes JMP 00000001001a1284
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                      0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                         0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                              0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                             0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                      0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                   0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                         0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                      0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                          0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                   0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                      0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                           0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                      0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                      0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                             0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                        0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                     0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                           0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                        0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                           0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                            0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                     0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                    0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                       0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000077ad27e0 5 bytes JMP 00000001001a19f4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                 0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                  0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                       0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                       0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                        0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                   0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                           0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                00000000779beecd 1 byte [62]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                             000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                 000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                 000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                       000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                       000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6004] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                        000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\WindowsMobile\wmdc.exe[5228] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                         000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Windows\WindowsMobile\wmdc.exe[5228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                             000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Windows\WindowsMobile\wmdc.exe[5228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                             000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Windows\WindowsMobile\wmdc.exe[5228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                            000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Windows\WindowsMobile\wmdc.exe[5228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                            000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Windows\WindowsMobile\wmdc.exe[5228] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                   000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Windows\WindowsMobile\wmdc.exe[5228] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                   000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Windows\WindowsMobile\wmdc.exe[5228] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                    000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5424] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                          000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                              000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                              000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                             000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                             000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5424] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                    000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5424] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                    000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5424] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                     000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                          0000000077c7fac0 5 bytes JMP 0000000100230600
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                              0000000077c7fb58 5 bytes JMP 0000000100230804
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                               0000000077c7fcb0 5 bytes JMP 0000000100230c0c
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                           0000000077c80038 5 bytes JMP 0000000100230a08
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                               0000000077c81920 5 bytes JMP 0000000100230e10
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                       0000000077c9c4dd 5 bytes JMP 00000001002301f8
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                     0000000077ca1287 5 bytes JMP 00000001002303fc
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                          0000000076f9a2ba 1 byte [62]
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                 0000000075aaee09 5 bytes JMP 00000001002401f8
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                  0000000075ab3982 5 bytes JMP 00000001002403fc
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                               0000000075ab7603 5 bytes JMP 0000000100240804
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                               0000000075ab835c 5 bytes JMP 0000000100240600
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                             0000000075acf52b 5 bytes JMP 0000000100240a08
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                       0000000076a45181 5 bytes JMP 0000000100251014
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                           0000000076a45254 5 bytes JMP 0000000100250804
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                           0000000076a453d5 5 bytes JMP 0000000100250a08
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                          0000000076a454c2 5 bytes JMP 0000000100250c0c
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                          0000000076a455e2 5 bytes JMP 0000000100250e10
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                 0000000076a4567c 5 bytes JMP 00000001002501f8
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                 0000000076a4589f 5 bytes JMP 00000001002503fc
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                  0000000076a45a22 5 bytes JMP 0000000100250600
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        0000000076f51465 2 bytes [F5, 76]
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                       0000000076f514bb 2 bytes [F5, 76]
.text   ...                                                                                                                                                                      * 2
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                      0000000077aa3b10 5 bytes JMP 000000010029075c
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                        0000000077aa7ac0 5 bytes JMP 00000001002903a4
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                            0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                     0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                           0000000077ad1430 5 bytes JMP 0000000100290b14
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                               0000000077ad1490 5 bytes JMP 0000000100290ecc
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                     0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                          0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                0000000077ad1570 5 bytes JMP 000000010029163c
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                     0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                              0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                 0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                       0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                     0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                   0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                    0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                            0000000077ad17b0 5 bytes JMP 0000000100291284
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                 0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                    0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                         0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                        0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                 0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                              0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                    0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                 0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                  0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                     0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                              0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                 0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                      0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                 0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                 0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                        0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                   0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                      0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                   0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                      0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                       0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                               0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                  0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                0000000077ad27e0 5 bytes JMP 00000001002919f4
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                            0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                             0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                  0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                  0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                   0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                              0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                      0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                           00000000779beecd 1 byte [62]
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                        000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                            000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                            000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                           000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                           000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                  000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                  000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5540] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                   000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                          0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                              0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                               0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                           0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                               0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                       0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                     0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                          0000000076f9a2ba 1 byte [62]
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                 0000000075aaee09 5 bytes JMP 00000001002b01f8
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                  0000000075ab3982 5 bytes JMP 00000001002b03fc
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                               0000000075ab7603 5 bytes JMP 00000001002b0804
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                               0000000075ab835c 5 bytes JMP 00000001002b0600
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                             0000000075acf52b 5 bytes JMP 00000001002b0a08
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                       0000000076a45181 5 bytes JMP 00000001002c1014
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                           0000000076a45254 5 bytes JMP 00000001002c0804
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                           0000000076a453d5 5 bytes JMP 00000001002c0a08
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                          0000000076a454c2 5 bytes JMP 00000001002c0c0c
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                          0000000076a455e2 5 bytes JMP 00000001002c0e10
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                 0000000076a4567c 5 bytes JMP 00000001002c01f8
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                 0000000076a4589f 5 bytes JMP 00000001002c03fc
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                  0000000076a45a22 5 bytes JMP 00000001002c0600
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        0000000076f51465 2 bytes [F5, 76]
.text   C:\Users\HP\AppData\Local\Akamai\netsession_win.exe[5796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                       0000000076f514bb 2 bytes [F5, 76]
.text   ...                                                                                                                                                                      * 2
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5452] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                        000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                            000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                            000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                           000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                           000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5452] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                  000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5452] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                  000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5452] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                   000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory     0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory         0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess          0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory      0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread          0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                  0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112     0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\syswow64\USER32.dll!SetWinEventHook            0000000075aaee09 5 bytes JMP 00000001001001f8
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\syswow64\USER32.dll!UnhookWinEvent             0000000075ab3982 5 bytes JMP 00000001001003fc
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW          0000000075ab7603 5 bytes JMP 0000000100100804
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA          0000000075ab835c 5 bytes JMP 0000000100100600
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx        0000000075acf52b 5 bytes JMP 0000000100100a08
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity  0000000076a45181 5 bytes JMP 0000000100111014
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA      0000000076a45254 5 bytes JMP 0000000100110804
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW      0000000076a453d5 5 bytes JMP 0000000100110a08
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A     0000000076a454c2 5 bytes JMP 0000000100110c0c
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W     0000000076a455e2 5 bytes JMP 0000000100110e10
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\sechost.dll!CreateServiceA            0000000076a4567c 5 bytes JMP 00000001001101f8
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\sechost.dll!CreateServiceW            0000000076a4589f 5 bytes JMP 00000001001103fc
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4688] C:\Windows\SysWOW64\sechost.dll!DeleteService             0000000076a45a22 5 bytes JMP 0000000100110600
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                              0000000077aa3b10 5 bytes JMP 000000010026075c
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                0000000077aa7ac0 5 bytes JMP 00000001002603a4
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                    0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                             0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                   0000000077ad1430 5 bytes JMP 0000000100260b14
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                       0000000077ad1490 5 bytes JMP 0000000100260ecc
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                             0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                  0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                        0000000077ad1570 5 bytes JMP 000000010026163c
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                             0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                         0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                               0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                             0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                           0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                            0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                    0000000077ad17b0 5 bytes JMP 0000000100261284
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                         0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                            0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                 0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                         0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                      0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                            0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                         0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                             0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                      0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                         0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                              0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                         0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                         0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                           0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                        0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                              0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                           0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                              0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                               0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                        0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                       0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                          0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        0000000077ad27e0 5 bytes JMP 00000001002619f4
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                    0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                     0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                          0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                          0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                           0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                      0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                              0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                   00000000779beecd 1 byte [62]
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                    000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                    000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                   000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                   000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                          000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                          000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                           000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\system32\USER32.dll!UnhookWinEvent                                           0000000077868550 5 bytes JMP 00000001005d075c
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                                      000000007786d440 5 bytes JMP 00000001005d1284
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                        000000007786f874 5 bytes JMP 00000001005d0ecc
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\system32\USER32.dll!SetWinEventHook                                          0000000077874d4c 5 bytes JMP 00000001005d03a4
.text   C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[2108] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                        0000000077888c20 5 bytes JMP 00000001005d0b14
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[5724] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                            0000000076f9a2ba 1 byte [62]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                  0000000077aa3b10 5 bytes JMP 000000010042075c
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077aa7ac0 5 bytes JMP 00000001004203a4
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                        0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                 0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                       0000000077ad1430 5 bytes JMP 0000000100420b14
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                           0000000077ad1490 5 bytes JMP 0000000100420ecc
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                 0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                      0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                            0000000077ad1570 5 bytes JMP 000000010042163c
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                 0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                          0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                             0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                   0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                 0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                               0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                        0000000077ad17b0 5 bytes JMP 0000000100421284
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                             0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                     0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                    0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                             0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                          0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                             0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                              0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                 0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                          0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                             0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                  0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                             0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                             0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                    0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                               0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                            0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                  0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                               0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                  0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                   0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                            0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                           0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                              0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                            0000000077ad27e0 5 bytes JMP 00000001004219f4
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                        0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                         0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                              0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                              0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                               0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                          0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                  0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                       00000000779beecd 1 byte [62]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                    000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                        000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                        000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                       000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                       000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                              000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                              000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2208] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                               000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                               0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                   0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                    0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                    0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                            0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                          0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                               0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                            0000000076a45181 5 bytes JMP 0000000100101014
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                0000000076a45254 5 bytes JMP 0000000100100804
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                0000000076a453d5 5 bytes JMP 0000000100100a08
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                               0000000076a454c2 5 bytes JMP 0000000100100c0c
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                               0000000076a455e2 5 bytes JMP 0000000100100e10
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                      0000000076a4567c 5 bytes JMP 00000001001001f8
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                      0000000076a4589f 5 bytes JMP 00000001001003fc
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                       0000000076a45a22 5 bytes JMP 0000000100100600
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                      0000000075aaee09 5 bytes JMP 00000001001101f8
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                       0000000075ab3982 5 bytes JMP 00000001001103fc
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                    0000000075ab7603 5 bytes JMP 0000000100110804
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                    0000000075ab835c 5 bytes JMP 0000000100110600
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                  0000000075acf52b 5 bytes JMP 0000000100110a08
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000076f51465 2 bytes [F5, 76]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            0000000076f514bb 2 bytes [F5, 76]
.text   ...                                                                                                                                                                      * 2
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                 0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                     0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                      0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                  0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                      0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                              0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                            0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                 0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\syswow64\USER32.dll!SetWinEventHook                        0000000075aaee09 5 bytes JMP 00000001001001f8
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                         0000000075ab3982 5 bytes JMP 00000001001003fc
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                      0000000075ab7603 5 bytes JMP 0000000100100804
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                      0000000075ab835c 5 bytes JMP 0000000100100600
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                    0000000075acf52b 5 bytes JMP 0000000100100a08
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity              0000000076a45181 5 bytes JMP 0000000100111014
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                  0000000076a45254 5 bytes JMP 0000000100110804
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                  0000000076a453d5 5 bytes JMP 0000000100110a08
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                 0000000076a454c2 5 bytes JMP 0000000100110c0c
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                 0000000076a455e2 5 bytes JMP 0000000100110e10
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                        0000000076a4567c 5 bytes JMP 00000001001101f8
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                        0000000076a4589f 5 bytes JMP 00000001001103fc
.text   C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[6172] C:\Windows\SysWOW64\sechost.dll!DeleteService                         0000000076a45a22 5 bytes JMP 0000000100110600
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                             0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                 0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                  0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                              0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                  0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                          0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                        0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                             0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                          0000000076a45181 5 bytes JMP 0000000100251014
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                              0000000076a45254 5 bytes JMP 0000000100250804
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                              0000000076a453d5 5 bytes JMP 0000000100250a08
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                             0000000076a454c2 5 bytes JMP 0000000100250c0c
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                             0000000076a455e2 5 bytes JMP 0000000100250e10
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                    0000000076a4567c 5 bytes JMP 00000001002501f8
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                    0000000076a4589f 5 bytes JMP 00000001002503fc
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                     0000000076a45a22 5 bytes JMP 0000000100250600
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                    0000000075aaee09 5 bytes JMP 00000001002601f8
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                     0000000075ab3982 5 bytes JMP 00000001002603fc
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                  0000000075ab7603 5 bytes JMP 0000000100260804
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                  0000000075ab835c 5 bytes JMP 0000000100260600
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6460] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                0000000075acf52b 5 bytes JMP 0000000100260a08
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                    0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                    0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                            0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                          0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                               0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                            0000000076a45181 5 bytes JMP 0000000100101014
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                0000000076a45254 5 bytes JMP 0000000100100804
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                0000000076a453d5 5 bytes JMP 0000000100100a08
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                               0000000076a454c2 5 bytes JMP 0000000100100c0c
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                               0000000076a455e2 5 bytes JMP 0000000100100e10
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                      0000000076a4567c 5 bytes JMP 00000001001001f8
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                      0000000076a4589f 5 bytes JMP 00000001001003fc
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                       0000000076a45a22 5 bytes JMP 0000000100100600
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                      0000000075aaee09 5 bytes JMP 00000001001101f8
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                       0000000075ab3982 5 bytes JMP 00000001001103fc
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                    0000000075ab7603 5 bytes JMP 0000000100110804
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                    0000000075ab835c 5 bytes JMP 0000000100110600
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[6468] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                  0000000075acf52b 5 bytes JMP 0000000100110a08
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                            0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                 0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                             0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                 0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                         0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                       0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                            0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                   0000000075aaee09 5 bytes JMP 00000001002401f8
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                    0000000075ab3982 5 bytes JMP 00000001002403fc
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                 0000000075ab7603 5 bytes JMP 0000000100240804
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                 0000000075ab835c 5 bytes JMP 0000000100240600
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                               0000000075acf52b 5 bytes JMP 0000000100240a08
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                         0000000076a45181 5 bytes JMP 0000000100251014
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                             0000000076a45254 5 bytes JMP 0000000100250804
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                             0000000076a453d5 5 bytes JMP 0000000100250a08
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                            0000000076a454c2 5 bytes JMP 0000000100250c0c
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                            0000000076a455e2 5 bytes JMP 0000000100250e10
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                   0000000076a4567c 5 bytes JMP 00000001002501f8
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                   0000000076a4589f 5 bytes JMP 00000001002503fc
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                    0000000076a45a22 5 bytes JMP 0000000100250600
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                                          0000000076f51465 2 bytes [F5, 76]
.text   C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[6704] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                                         0000000076f514bb 2 bytes [F5, 76]
.text   ...                                                                                                                                                                      * 2
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                               0000000077aa3b10 5 bytes JMP 00000001001e075c
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                 0000000077aa7ac0 5 bytes JMP 00000001001e03a4
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                              0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                    0000000077ad1430 5 bytes JMP 00000001001e0b14
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                        0000000077ad1490 5 bytes JMP 00000001001e0ecc
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         0000000077ad1570 5 bytes JMP 00000001001e163c
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                              0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                            0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                             0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                     0000000077ad17b0 5 bytes JMP 00000001001e1284
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                               0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         0000000077ad27e0 5 bytes JMP 00000001001e19f4
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                               0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                    00000000779beecd 1 byte [62]
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                 000007fefe4b6e00 5 bytes JMP 000007ff7e4d1dac
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                     000007fefe4b6f2c 5 bytes JMP 000007ff7e4d0ecc
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                     000007fefe4b7220 5 bytes JMP 000007ff7e4d1284
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                    000007fefe4b739c 5 bytes JMP 000007ff7e4d163c
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                    000007fefe4b7538 5 bytes JMP 000007ff7e4d19f4
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                           000007fefe4b75e8 5 bytes JMP 000007ff7e4d03a4
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                           000007fefe4b790c 5 bytes JMP 000007ff7e4d075c
.text   C:\Program Files\iPod\bin\iPodService.exe[6820] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                            000007fefe4b7ab4 5 bytes JMP 000007ff7e4d0b14
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                             0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                 0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                  0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                              0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                  0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                          0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                        0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                             0000000076f9a2ba 1 byte [62]
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                    0000000075aaee09 5 bytes JMP 00000001000b01f8
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                                     0000000075ab3982 5 bytes JMP 00000001000b03fc
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                  0000000075ab7603 5 bytes JMP 00000001000b0804
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                  0000000075ab835c 5 bytes JMP 00000001000b0600
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                0000000075acf52b 5 bytes JMP 00000001000b0a08
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                          0000000076a45181 5 bytes JMP 00000001000c1014
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                              0000000076a45254 5 bytes JMP 00000001000c0804
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                              0000000076a453d5 5 bytes JMP 00000001000c0a08
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                             0000000076a454c2 5 bytes JMP 00000001000c0c0c
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                             0000000076a455e2 5 bytes JMP 00000001000c0e10
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                                    0000000076a4567c 5 bytes JMP 00000001000c01f8
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                                    0000000076a4589f 5 bytes JMP 00000001000c03fc
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                                     0000000076a45a22 5 bytes JMP 00000001000c0600
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           0000000076f51465 2 bytes [F5, 76]
.text   C:\Windows\SysWOW64\RunDll32.exe[6256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          0000000076f514bb 2 bytes [F5, 76]
.text   ...                                                                                                                                                                      * 2
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                   0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                       0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                        0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                    0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                        0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                              0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                   0000000076f9a2ba 1 byte [62]
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                          0000000075aaee09 5 bytes JMP 00000001001c01f8
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                           0000000075ab3982 5 bytes JMP 00000001001c03fc
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                        0000000075ab7603 5 bytes JMP 00000001001c0804
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                        0000000075ab835c 5 bytes JMP 00000001001c0600
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                      0000000075acf52b 5 bytes JMP 00000001001c0a08
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                0000000076a45181 5 bytes JMP 00000001001d1014
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                    0000000076a45254 5 bytes JMP 00000001001d0804
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                    0000000076a453d5 5 bytes JMP 00000001001d0a08
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                   0000000076a454c2 5 bytes JMP 00000001001d0c0c
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                   0000000076a455e2 5 bytes JMP 00000001001d0e10
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                          0000000076a4567c 5 bytes JMP 00000001001d01f8
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                          0000000076a4589f 5 bytes JMP 00000001001d03fc
.text   C:\PROGRA~3\ASGVIS\DONGLE~1\vrlservice.exe[6588] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                           0000000076a45a22 5 bytes JMP 00000001001d0600
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                    0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                     0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                 0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                     0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                             0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                           0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                             0000000076a45181 5 bytes JMP 0000000100161014
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                 0000000076a45254 5 bytes JMP 0000000100160804
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                 0000000076a453d5 5 bytes JMP 0000000100160a08
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                0000000076a454c2 5 bytes JMP 0000000100160c0c
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                0000000076a455e2 5 bytes JMP 0000000100160e10
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                       0000000076a4567c 5 bytes JMP 00000001001601f8
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                       0000000076a4589f 5 bytes JMP 00000001001603fc
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\SysWOW64\sechost.dll!DeleteService                                        0000000076a45a22 5 bytes JMP 0000000100160600
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                       0000000075aaee09 5 bytes JMP 00000001001701f8
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                        0000000075ab3982 5 bytes JMP 00000001001703fc
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                     0000000075ab7603 5 bytes JMP 0000000100170804
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                     0000000075ab835c 5 bytes JMP 0000000100170600
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7740] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                   0000000075acf52b 5 bytes JMP 0000000100170a08
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077ad1360 5 bytes JMP 0000000077c30460
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000077ad13b0 5 bytes JMP 0000000077c30450
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077ad1510 5 bytes JMP 0000000077c30370
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077ad1560 5 bytes JMP 0000000077c30470
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077ad1570 5 bytes JMP 0000000077c303e0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077ad1620 5 bytes JMP 0000000077c30320
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077ad1650 5 bytes JMP 0000000077c303b0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077ad1670 5 bytes JMP 0000000077c30390
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000077ad16b0 5 bytes JMP 0000000077c302e0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077ad1730 5 bytes JMP 0000000077c302d0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077ad1750 5 bytes JMP 0000000077c30310
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077ad1790 5 bytes JMP 0000000077c303c0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077ad17e0 5 bytes JMP 0000000077c303f0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077ad1940 5 bytes JMP 0000000077c30230
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077ad1b00 5 bytes JMP 0000000077c30480
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077ad1b30 5 bytes JMP 0000000077c303a0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077ad1c10 5 bytes JMP 0000000077c302f0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077ad1c20 5 bytes JMP 0000000077c30350
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077ad1c80 5 bytes JMP 0000000077c30290
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077ad1d10 5 bytes JMP 0000000077c302b0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077ad1d30 5 bytes JMP 0000000077c303d0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077ad1d40 5 bytes JMP 0000000077c30330
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077ad1db0 5 bytes JMP 0000000077c30410
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077ad1de0 5 bytes JMP 0000000077c30240
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077ad20a0 5 bytes JMP 0000000077c301e0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077ad2160 5 bytes JMP 0000000077c30250
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077ad2190 5 bytes JMP 0000000077c30490
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000077ad21a0 5 bytes JMP 0000000077c304a0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000077ad21d0 5 bytes JMP 0000000077c30300
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000077ad21e0 5 bytes JMP 0000000077c30360
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077ad2240 5 bytes JMP 0000000077c302a0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077ad2290 5 bytes JMP 0000000077c302c0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000077ad22c0 5 bytes JMP 0000000077c30380
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000077ad22d0 5 bytes JMP 0000000077c30340
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000077ad25c0 5 bytes JMP 0000000077c30440
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000077ad27c0 5 bytes JMP 0000000077c30260
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000077ad27d0 5 bytes JMP 0000000077c30270
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000077ad27e0 5 bytes JMP 0000000077c30400
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077ad29a0 5 bytes JMP 0000000077c301f0
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000077ad29b0 5 bytes JMP 0000000077c30210
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077ad2a20 5 bytes JMP 0000000077c30200
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077ad2a80 5 bytes JMP 0000000077c30420
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077ad2a90 5 bytes JMP 0000000077c30430
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077ad2aa0 5 bytes JMP 0000000077c30220
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077ad2b80 5 bytes JMP 0000000077c30280
.text   C:\Windows\system32\AUDIODG.EXE[1560] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                                              00000000779beecd 1 byte [62]
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                         0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                             0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                              0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                          0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                              0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                      0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                    0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                         0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                0000000075aaee09 5 bytes JMP 00000001001101f8
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                 0000000075ab3982 5 bytes JMP 00000001001103fc
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                              0000000075ab7603 5 bytes JMP 0000000100110804
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                              0000000075ab835c 5 bytes JMP 0000000100110600
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                            0000000075acf52b 5 bytes JMP 0000000100110a08
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                      0000000076a45181 5 bytes JMP 0000000100121014
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                          0000000076a45254 5 bytes JMP 0000000100120804
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                          0000000076a453d5 5 bytes JMP 0000000100120a08
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                         0000000076a454c2 5 bytes JMP 0000000100120c0c
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                         0000000076a455e2 5 bytes JMP 0000000100120e10
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                0000000076a4567c 5 bytes JMP 00000001001201f8
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                0000000076a4589f 5 bytes JMP 00000001001203fc
.text   C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[1856] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                 0000000076a45a22 5 bytes JMP 0000000100120600
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                0000000077c7fac0 5 bytes JMP 0000000100160600
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                    0000000077c7fb58 5 bytes JMP 0000000100160804
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                     0000000077c7fcb0 5 bytes JMP 0000000100160c0c
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                 0000000077c80038 5 bytes JMP 0000000100160a08
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                     0000000077c81920 5 bytes JMP 0000000100160e10
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                             0000000077c9c4dd 5 bytes JMP 00000001001601f8
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                           0000000077ca1287 5 bytes JMP 00000001001603fc
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                0000000076f9a2ba 1 byte [62]
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                             0000000076a45181 5 bytes JMP 0000000100171014
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                 0000000076a45254 5 bytes JMP 0000000100170804
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                 0000000076a453d5 5 bytes JMP 0000000100170a08
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                0000000076a454c2 5 bytes JMP 0000000100170c0c
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                0000000076a455e2 5 bytes JMP 0000000100170e10
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                       0000000076a4567c 5 bytes JMP 00000001001701f8
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                       0000000076a4589f 5 bytes JMP 00000001001703fc
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                        0000000076a45a22 5 bytes JMP 0000000100170600
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                       0000000075aaee09 5 bytes JMP 00000001001801f8
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                        0000000075ab3982 5 bytes JMP 00000001001803fc
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                     0000000075ab7603 5 bytes JMP 0000000100180804
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                     0000000075ab835c 5 bytes JMP 0000000100180600
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                   0000000075acf52b 5 bytes JMP 0000000100180a08
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              0000000076f51465 2 bytes [F5, 76]
.text   C:\Program Files (x86)\Java\jre7\bin\java.exe[1460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                             0000000076f514bb 2 bytes [F5, 76]
.text   ...                                                                                                                                                                      * 2
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                 0000000077c7fac0 5 bytes JMP 0000000100030600
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                     0000000077c7fb58 5 bytes JMP 0000000100030804
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                      0000000077c7fcb0 5 bytes JMP 0000000100030c0c
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                  0000000077c80038 5 bytes JMP 0000000100030a08
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                      0000000077c81920 5 bytes JMP 0000000100030e10
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                              0000000077c9c4dd 5 bytes JMP 00000001000301f8
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                            0000000077ca1287 5 bytes JMP 00000001000303fc
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                 0000000076f9a2ba 1 byte [62]
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                              0000000076a45181 5 bytes JMP 00000001001d1014
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                                  0000000076a45254 5 bytes JMP 00000001001d0804
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                                  0000000076a453d5 5 bytes JMP 00000001001d0a08
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                                 0000000076a454c2 5 bytes JMP 00000001001d0c0c
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                                 0000000076a455e2 5 bytes JMP 00000001001d0e10
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                                        0000000076a4567c 5 bytes JMP 00000001001d01f8
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                                        0000000076a4589f 5 bytes JMP 00000001001d03fc
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                                         0000000076a45a22 5 bytes JMP 00000001001d0600
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                        0000000075aaee09 5 bytes JMP 00000001002601f8
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                                         0000000075ab3982 5 bytes JMP 00000001002603fc
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                      0000000075ab7603 5 bytes JMP 0000000100260804
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                      0000000075ab835c 5 bytes JMP 0000000100260600
.text   C:\Users\HP\Desktop\aaaa.exe[8392] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                    0000000075acf52b 5 bytes JMP 0000000100260a08

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\SearchIndexer.exe [4968:5044]                                                                                                                        000007fef8385170
Thread  C:\Windows\system32\SearchIndexer.exe [4968:3792]                                                                                                                        000007fef64e69ac
Thread  C:\Windows\system32\SearchIndexer.exe [4968:3800]                                                                                                                        000007fef6723dac
Thread  C:\Windows\system32\SearchIndexer.exe [4968:3804]                                                                                                                        000007fef6721700
Thread  C:\Windows\system32\SearchIndexer.exe [4968:3840]                                                                                                                        000007fef674b248
Thread  C:\Windows\system32\SearchIndexer.exe [4968:3836]                                                                                                                        000007fef674c4ac
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:2624]                                                                                                   0000000076a47587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:2656]                                                                                                   000000006d9e758a
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:4824]                                                                                                   0000000077cb2e65
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:4592]                                                                                                   0000000077cb3e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:6580]                                                                                                   0000000077cb3e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:7420]                                                                                                   0000000077cb3e85
Thread  C:\Windows\System32\svchost.exe [3740:3344]                                                                                                                              000007fef6339688
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5452:6336]                                                                                                           000007fefe8c0168
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5452:6360]                                                                                                           000007fefba52a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5452:6788]                                                                                                           000007fef8ce5124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                                                     2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                                                    2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                                                             1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                                                              aswFsBlk
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                                                    FSFilter Activity Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                                                          FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                                                              avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                                                      2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                                                
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                                                aswFsBlk Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                                                              
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                                     388400
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                                        0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                                                    2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                                                   2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                                                            1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                                               \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                                                             aswMonFlt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                                                   FSFilter Anti-Virus
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                                                         FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                                                             avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                                               aswMonFlt Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                                   320700
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                                      0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                                                  \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                                                aswRdr
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                                                      PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                                                            tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                                                avast! WFP Redirect driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                              
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                              nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                                                     0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                                                              1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                                               aswRvrt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                                               avast! Revert
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                                                
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                                                    17
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                                                    2130568
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                                                     \Device\Harddisk0\Partition2\Windows
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                                                       2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                                                aswSnx
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                                                      FSFilter Virtualization
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                                                            FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                                                avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                                                        2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                                                  aswSnx Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                                         137600
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                            0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                                                   \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                                                      \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                                                 aswSP
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                                                 avast! Self Protection
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                                                    \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                                                       \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                                                               \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                                                     \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                                                avast! Network Shield Support
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                                                      PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                                                            tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                                                avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                                                        10
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                                                      0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                                                aswVmm
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                                                avast! VM Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                                                             32
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                                                            2
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                                                     1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                                                        "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                                                      avast! Antivirus
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                                                            ShellSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                                                  aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                                                            1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                                                       LocalSystem
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                                                   1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                                                      Zajišťuje antivirové služby programu avast!, jako např. rezidentní ochranu, virovou truhlu a plánovač.
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\083e8e9e2d80                                                                                              
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                                                         2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                                                        2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                                                 1
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                                                  aswFsBlk
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                                                        FSFilter Activity Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                                                              FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                                                  avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                                                          2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                                                            
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                                                    aswFsBlk Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                                                          
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                                         388400
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                                            0
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                                                        2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                                                       2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                                                1
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                                                   \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                                                 aswMonFlt
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                                                       FSFilter Anti-Virus
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                                                             FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                                                 avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                                                           
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                                                   aswMonFlt Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                                                        
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                                       320700
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                                          0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                                                      \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                                                   1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                                                    aswRdr
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                                                          PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                                                tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                                                    avast! WFP Redirect driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                                                             
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                                  
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                                  nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                                                         0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                                                  1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                                                   aswRvrt
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                                                   avast! Revert
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                                                            
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                                                        17
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                                                        2130568
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                                                         \Device\Harddisk0\Partition2\Windows
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                                                   1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                                                           2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                                                   1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                                                    aswSnx
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                                                          FSFilter Virtualization
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                                                FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                                                    avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                                                            2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                                                              
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                                                      aswSnx Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                                                              
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                                             137600
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                                0
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                                                             
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                                                       \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                                                          \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                                                            1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                                                     aswSP
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                                                     avast! Self Protection
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                                                              
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                                                        \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                                                           \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                                                   \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                                                         \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                                                   1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                                                    avast! Network Shield Support
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                                                          PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                                                tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                                                    avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                                                            10
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                                                          0
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                                                   1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                                                    aswVmm
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                                                    avast! VM Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                                                             
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                                                 32
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                                                2
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                                                         1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                                                            "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                                                          avast! Antivirus
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                                                ShellSvcGroup
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                                                      aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                                                1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                                                           LocalSystem
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                                                       1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                                                          Zajišťuje antivirové služby programu avast!, jako např. rezidentní ochranu, virovou truhlu a plánovač.
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\083e8e9e2d80 (not active ControlSet)                                                                          

---- EOF - GMER 2.1 ----
