I know I have a virus but my antivirus doesn't detect it

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: I know I have a virus but my antivirus doesn't detect it

Post by msc hotline sat » 14 Jan 2013, 06:40

Well, what you tell us about

"when I click on repair it hardly lets me get anywhere because it tells me over and over that if I have or have connected any device such as a camera, external hard drive, etc., I have to disconnect it, but I already did that, I have nothing connected"

is very significant!

When booting from the Microsoft CD, no external driver is loaded, nor any application you may have installed, so there is no possibility that, in that mode, anything installed could interfere.

It is very strange that, booting this way, it gives you this message; check that you are booting from the installation CD and that no external hardware is connected, although that should not matter...

And let us know how you get on, thanks

regards

ms, 14-1-2013

nasecuta
Posts: 14
Joined: 09 Jan 2013, 17:22

Re: I know I have a virus but my antivirus doesn't detect it

Post by nasecuta » 15 Jan 2013, 15:21

Are you giving up on me as a lost cause? :roll:


Re: I know I have a virus but my antivirus doesn't detect it

Post by msc hotline sat » 15 Jan 2013, 15:50

Strange, strange, strange...

No, Chrome and I.E. are not incompatible..., nor is Firefox.

As you say, it may be that something from the system is missing or has been deleted...

Try running SFC /scannow from START --> RUN

and tell us the result, thanks


Re: I know I have a virus but my antivirus doesn't detect it

Post by nasecuta » 15 Jan 2013, 17:43

Everything came back correct, this is really strange... what else can I do now? :(


Re: I know I have a virus but my antivirus doesn't detect it

Post by nasecuta » 16 Jan 2013, 17:59

What do you recommend I do now? Surely there is something I can do, right?

Ana


Re: I know I have a virus but my antivirus doesn't detect it

Post by msc hotline sat » 16 Jan 2013, 19:05

Try GMER, in case there is a hidden rootkit...:

GMER DOWNLOAD:

www.gmer.net

After saving and running it, scan and save the report it generates, and post it here by copying and pasting it into your next reply to this thread.

regards

ms, 16-1-2013


Re: I know I have a virus but my antivirus doesn't detect it

Post by nasecuta » 16 Jan 2013, 21:15

GMER 2.0.18444 - http://www.gmer.net

Rootkit scan 2013-01-16 21:11:31

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4 WDC_WD10EARS-00MVWB0 rev.51.0AB51 931,51GB

Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys






.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000000770a01f0

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 00000000770a0210

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 00000000770a0200

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000000770a03f0

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 00000000770a0400

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 00000000770a0220

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 00000000770a0280

.text C:\Windows\system32\winlogon.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000000770a03b0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000000770a0310

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000000770a03a0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 00000000770a0330

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0x15e590}

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000000770a03e0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 00000000770a0240

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000000770a01e0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 00000000770a0250

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0x15e090}

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 00000000770a0470

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 00000000770a0480

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000000770a01f0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 00000000770a0210

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 00000000770a0200

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000000770a03f0

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 00000000770a0400

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 00000000770a0220

.text C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 00000000770a0280

.text C:\Windows\system32\lsass.exe[728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000000770a03b0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000000770a0310

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000000770a03a0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 00000000770a0330

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0x15e590}

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000000770a03e0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 00000000770a0240

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000000770a01e0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 00000000770a0250

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0x15e090}

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 00000000770a0470

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 00000000770a0480

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000000770a01f0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 00000000770a0210

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 00000000770a0200

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000000770a03f0

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 00000000770a0400

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 00000000770a0220

.text C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 00000000770a0280

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 0000000100070440

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 0000000100070430

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 0000000100070450

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0xffffffff8912ee90}

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000001000703b0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 0000000100070320

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 0000000100070380

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000001000702e0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 0000000100070410

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000001000702d0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 0000000100070310

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 0000000100070390

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000001000703c0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 0000000100070230

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0xffffffff8912e890}

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 0000000100070460

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 0000000100070370

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000001000702f0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 0000000100070350

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 0000000100070290

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000001000702b0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000001000703a0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 0000000100070330

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0xffffffff8912e590}

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000001000703e0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 0000000100070240

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000001000701e0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 0000000100070250

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0xffffffff8912e090}

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 0000000100070470

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 0000000100070480

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 0000000100070300

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 0000000100070360

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000001000702a0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000001000702c0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 0000000100070340

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 0000000100070420

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 0000000100070260

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 0000000100070270

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000001000703d0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0xffffffff8912db90}

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000001000701f0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 0000000100070210

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 0000000100070200

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000001000703f0

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 0000000100070400

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 0000000100070220

.text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 0000000100070280

.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000000770a03b0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000000770a0310

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000000770a03a0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 00000000770a0330

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0x15e590}

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000000770a03e0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 00000000770a0240

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000000770a01e0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 00000000770a0250

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0x15e090}

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 00000000770a0470

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 00000000770a0480

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Windows\system32\nvvsvc.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}


.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 0000000100070410

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000001000702d0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 0000000100070310

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 0000000100070390

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000001000703c0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 0000000100070230

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0xffffffff8912e890}

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 0000000100070460

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 0000000100070370

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000001000702f0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 0000000100070350

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 0000000100070290

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000001000702b0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000001000703a0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 0000000100070330

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0xffffffff8912e590}

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000001000703e0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 0000000100070240

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000001000701e0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 0000000100070250

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0xffffffff8912e090}

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 0000000100070470

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 0000000100070480

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 0000000100070300

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 0000000100070360

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000001000702a0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000001000702c0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 0000000100070340

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 0000000100070420

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 0000000100070260

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 0000000100070270

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000001000703d0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0xffffffff8912db90}

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000001000701f0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 0000000100070210

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 0000000100070200

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000001000703f0

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 0000000100070400

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 0000000100070220

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 0000000100070280

.text C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000000770a03b0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000000770a0310

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000000770a03a0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 00000000770a0330

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0x15e590}

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000000770a03e0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 00000000770a0240

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000000770a01e0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 00000000770a0250

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0x15e090}

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 00000000770a0470

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 00000000770a0480

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000000770a01f0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 00000000770a0210

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 00000000770a0200

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000000770a03f0

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 00000000770a0400

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 00000000770a0220

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 00000000770a0280

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000000770a03b0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000000770a0310

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000000770a03a0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 00000000770a0330

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0x15e590}

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000000770a03e0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 00000000770a0240

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000000770a01e0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 00000000770a0250

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0x15e090}

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 00000000770a0470

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 00000000770a0480

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000000770a01f0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 00000000770a0210

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 00000000770a0200

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000000770a03f0

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 00000000770a0400

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 00000000770a0220

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 00000000770a0280

.text C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 0000000100070440

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 0000000100070430

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 0000000100070450

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0xffffffff8912ee90}

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000001000703b0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 0000000100070320

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 0000000100070380

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000001000702e0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 0000000100070410

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000001000702d0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 0000000100070310

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 0000000100070390

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000001000703c0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 0000000100070230

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0xffffffff8912e890}

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 0000000100070460

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 0000000100070370

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000001000702f0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 0000000100070350

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 0000000100070290

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000001000702b0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000001000703a0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 0000000100070330

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0xffffffff8912e590}

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000001000703e0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 0000000100070240

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000001000701e0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 0000000100070250

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0xffffffff8912e090}

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 0000000100070470

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 0000000100070480

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 0000000100070300

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 0000000100070360

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000001000702a0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000001000702c0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 0000000100070340

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 0000000100070420

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 0000000100070260

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 0000000100070270

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000001000703d0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0xffffffff8912db90}

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000001000701f0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 0000000100070210

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 0000000100070200

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000001000703f0

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 0000000100070400

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 0000000100070220

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 0000000100070280

.text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Windows\system32\svchost.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Windows\system32\svchost.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Windows\system32\svchost.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}


.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 0000000100080200

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000001000803f0

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 0000000100080400

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 0000000100080220

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 0000000100080280

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefedc6e00 5 bytes JMP 000007ff7ede1dac

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefedc6f2c 5 bytes JMP 000007ff7ede0ecc

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefedc7220 5 bytes JMP 000007ff7ede1284

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefedc739c 5 bytes JMP 000007ff7ede163c

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefedc7538 5 bytes JMP 000007ff7ede19f4

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefedc75e8 5 bytes JMP 000007ff7ede03a4

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefedc790c 5 bytes JMP 000007ff7ede075c

.text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefedc7ab4 5 bytes JMP 000007ff7ede0b14

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13ae0 5 bytes JMP 000000010018075c

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17a90 5 bytes JMP 00000001001803a4

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f41490 5 bytes JMP 0000000100180b14

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f414f0 5 bytes JMP 0000000100180ecc

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 000000010018163c

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000001001819f4

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f41810 5 bytes JMP 0000000100181284

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000000770a03a0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 00000000770a0330

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0x15e590}

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000000770a03e0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 00000000770a0240

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000000770a01e0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 00000000770a0250

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0x15e090}

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 00000000770a0470

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 00000000770a0480

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000000770a01f0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 00000000770a0210

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 00000000770a0200

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000000770a03f0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 00000000770a0400

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 00000000770a0220

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 00000000770a0280

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefedc6e00 5 bytes JMP 000007ff7ede1dac

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefedc6f2c 5 bytes JMP 000007ff7ede0ecc

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefedc7220 5 bytes JMP 000007ff7ede1284

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefedc739c 5 bytes JMP 000007ff7ede163c

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefedc7538 5 bytes JMP 000007ff7ede19f4

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefedc75e8 5 bytes JMP 000007ff7ede03a4

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefedc790c 5 bytes JMP 000007ff7ede075c

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2488] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefedc7ab4 5 bytes JMP 000007ff7ede0b14

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13ae0 5 bytes JMP 000000010038075c

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17a90 5 bytes JMP 00000001003803a4

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f41490 5 bytes JMP 0000000100380b14

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f414f0 5 bytes JMP 0000000100380ecc

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 000000010038163c

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000001003819f4

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f41810 5 bytes JMP 0000000100381284

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000000770a03a0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 00000000770a0330

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0x15e590}

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000000770a03e0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 00000000770a0240

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000000770a01e0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 00000000770a0250

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0x15e090}

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 00000000770a0470

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 00000000770a0480

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000000770a01f0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 00000000770a0210

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 00000000770a0200

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000000770a03f0

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 00000000770a0400

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 00000000770a0220

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 00000000770a0280

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefedc6e00 5 bytes JMP 000007ff7ede1dac

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefedc6f2c 5 bytes JMP 000007ff7ede0ecc

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefedc7220 5 bytes JMP 000007ff7ede1284

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefedc739c 5 bytes JMP 000007ff7ede163c

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefedc7538 5 bytes JMP 000007ff7ede19f4

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefedc75e8 5 bytes JMP 000007ff7ede03a4

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefedc790c 5 bytes JMP 000007ff7ede075c

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2560] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefedc7ab4 5 bytes JMP 000007ff7ede0b14

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13ae0 5 bytes JMP 00000001003c075c

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17a90 5 bytes JMP 00000001003c03a4

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f41490 5 bytes JMP 00000001003c0b14

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f414f0 5 bytes JMP 00000001003c0ecc

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000001003c163c

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000001003c19f4

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f41810 5 bytes JMP 00000001003c1284

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0


.text C:\Windows\system32\SearchIndexer.exe[2856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefedc6f2c 5 bytes JMP 000007ff7ede0ecc

.text C:\Windows\system32\SearchIndexer.exe[2856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefedc7220 5 bytes JMP 000007ff7ede1284

.text C:\Windows\system32\SearchIndexer.exe[2856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefedc739c 5 bytes JMP 000007ff7ede163c

.text C:\Windows\system32\SearchIndexer.exe[2856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefedc7538 5 bytes JMP 000007ff7ede19f4

.text C:\Windows\system32\SearchIndexer.exe[2856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefedc75e8 5 bytes JMP 000007ff7ede03a4

.text C:\Windows\system32\SearchIndexer.exe[2856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefedc790c 5 bytes JMP 000007ff7ede075c

.text C:\Windows\system32\SearchIndexer.exe[2856] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefedc7ab4 5 bytes JMP 000007ff7ede0b14

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efaa0 5 bytes JMP 00000001001c0600

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb38 5 bytes JMP 00000001001c0804

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efc90 5 bytes JMP 00000001001c0c0c

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770eff84 5 bytes JMP 00000001001c0e10

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0018 5 bytes JMP 00000001001c0a08

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c45a 5 bytes JMP 00000001001c01f8

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111217 5 bytes JMP 00000001001c03fc

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ca30a 1 byte [62]

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075c95181 5 bytes JMP 0000000100261014

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075c95254 5 bytes JMP 0000000100260804

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075c953d5 5 bytes JMP 0000000100260a08

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075c954c2 5 bytes JMP 0000000100260c0c

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075c955e2 5 bytes JMP 0000000100260e10

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075c9567c 5 bytes JMP 00000001002601f8

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075c9589f 5 bytes JMP 00000001002603fc

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075c95a22 5 bytes JMP 0000000100260600

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007672ee09 5 bytes JMP 00000001002701f8

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076733982 5 bytes JMP 00000001002703fc

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076737603 5 bytes JMP 0000000100270804

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007673835c 5 bytes JMP 0000000100270600

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1568] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007674f52b 5 bytes JMP 0000000100270a08

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13ae0 5 bytes JMP 00000001003b075c

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17a90 5 bytes JMP 00000001003b03a4

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f41490 5 bytes JMP 00000001003b0b14

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f414f0 5 bytes JMP 00000001003b0ecc

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000001003b163c

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000001003b19f4

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f41810 5 bytes JMP 00000001003b1284

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000000770a03a0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 00000000770a0330

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0x15e590}

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000000770a03e0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 00000000770a0240

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000000770a01e0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 00000000770a0250

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0x15e090}

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 00000000770a0470

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 00000000770a0480

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000000770a01f0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 00000000770a0210

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 00000000770a0200

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000000770a03f0

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 00000000770a0400

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 00000000770a0220

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 00000000770a0280

.text C:\Windows\system32\taskhost.exe[3488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13ae0 3 bytes JMP 000000010016075c

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 4 0000000076f13ae4 1 byte [89]

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17a90 3 bytes JMP 00000001001603a4

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 4 0000000076f17a94 1 byte [89]

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f41490 5 bytes JMP 0000000100160b14

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f414f0 5 bytes JMP 0000000100160ecc

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 000000010016163c

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000001001619f4

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f41810 5 bytes JMP 0000000100161284

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000000770a03a0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 00000000770a0330

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0x15e590}

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000000770a03e0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 00000000770a0240

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000000770a01e0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 00000000770a0250

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0x15e090}

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 00000000770a0470

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 00000000770a0480

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000000770a01f0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 00000000770a0210

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 00000000770a0200

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000000770a03f0

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 00000000770a0400

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 00000000770a0220

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 00000000770a0280

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefedc6e00 5 bytes JMP 000007ff7ede1dac

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefedc6f2c 5 bytes JMP 000007ff7ede0ecc

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefedc7220 5 bytes JMP 000007ff7ede1284

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefedc739c 5 bytes JMP 000007ff7ede163c

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefedc7538 5 bytes JMP 000007ff7ede19f4

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefedc75e8 5 bytes JMP 000007ff7ede03a4

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefedc790c 5 bytes JMP 000007ff7ede075c

.text C:\Windows\system32\Dwm.exe[3608] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefedc7ab4 5 bytes JMP 000007ff7ede0b14

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13ae0 5 bytes JMP 00000001001f075c

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17a90 5 bytes JMP 00000001001f03a4

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f41490 5 bytes JMP 00000001001f0b14

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f414f0 5 bytes JMP 00000001001f0ecc

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000001001f163c

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000001001f19f4

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f41810 5 bytes JMP 00000001001f1284

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000000770a03a0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 00000000770a0330

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0x15e590}

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000000770a03e0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 00000000770a0240

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000000770a01e0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 00000000770a0250

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0x15e090}

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 00000000770a0470

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 00000000770a0480

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000000770a01f0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 00000000770a0210

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 00000000770a0200

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000000770a03f0

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 00000000770a0400

.text C:\Windows\Explorer.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 00000000770a0220


.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007673835c 5 bytes JMP 00000001000b0600

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007674f52b 5 bytes JMP 00000001000b0a08

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075c95181 5 bytes JMP 0000000100171014

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075c95254 5 bytes JMP 0000000100170804

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075c953d5 5 bytes JMP 0000000100170a08

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075c954c2 5 bytes JMP 0000000100170c0c

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075c955e2 5 bytes JMP 0000000100170e10

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075c9567c 5 bytes JMP 00000001001701f8

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075c9589f 5 bytes JMP 00000001001703fc

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075c95a22 5 bytes JMP 0000000100170600

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000770a1401 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000770a1419 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000770a1431 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000770a144a 2 bytes [0A, 77]

.text ... * 9

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770a14dd 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770a14f5 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000770a150d 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000770a1525 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000770a153d 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000770a1555 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000770a156d 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000770a1585 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000770a159d 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770a15b5 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770a15cd 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770a16b2 2 bytes [0A, 77]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770a16bd 2 bytes [0A, 77]

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efaa0 5 bytes JMP 0000000100080600

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb38 5 bytes JMP 0000000100080804

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efc90 5 bytes JMP 0000000100080c0c

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770eff84 5 bytes JMP 0000000100080e10

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0018 5 bytes JMP 0000000100080a08

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c45a 5 bytes JMP 00000001000801f8

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111217 5 bytes JMP 00000001000803fc

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ca30a 1 byte [62]

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075c95181 5 bytes JMP 0000000100091014

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075c95254 5 bytes JMP 0000000100090804

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075c953d5 5 bytes JMP 0000000100090a08

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075c954c2 5 bytes JMP 0000000100090c0c

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075c955e2 5 bytes JMP 0000000100090e10

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075c9567c 5 bytes JMP 00000001000901f8

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075c9589f 5 bytes JMP 00000001000903fc

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075c95a22 5 bytes JMP 0000000100090600

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007672ee09 5 bytes JMP 00000001001601f8

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076733982 5 bytes JMP 00000001001603fc

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076737603 5 bytes JMP 0000000100160804

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007673835c 5 bytes JMP 0000000100160600

.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3656] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007674f52b 5 bytes JMP 0000000100160a08

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13ae0 5 bytes JMP 00000001002b075c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17a90 5 bytes JMP 00000001002b03a4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 0000000100080440

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 0000000100080430

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f41490 5 bytes JMP 00000001002b0b14

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f414f0 5 bytes JMP 00000001002b0ecc

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 0000000100080450

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0xffffffff8913ee90}

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000001002b163c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 0000000100080320

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 0000000100080380

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000001000802e0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 0000000100080410

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000001000802d0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000001002b19f4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 0000000100080390

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f41810 5 bytes JMP 00000001002b1284

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000001000803c0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 0000000100080230

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0xffffffff8913e890}

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 0000000100080460

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 0000000100080370

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000001000802f0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 0000000100080350

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 0000000100080290

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000001000802b0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000001000803a0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 0000000100080330

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0xffffffff8913e590}

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000001000803e0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 0000000100080240

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000001000801e0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 0000000100080250

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0xffffffff8913e090}

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 0000000100080470

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 0000000100080480

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 0000000100080300

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 0000000100080360

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000001000802a0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000001000802c0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 0000000100080340

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 0000000100080420

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 0000000100080260

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 0000000100080270

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000001000803d0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0xffffffff8913db90}

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000001000801f0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 0000000100080210

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 0000000100080200

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000001000803f0

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 0000000100080400

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 0000000100080220

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 0000000100080280

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefedc6e00 5 bytes JMP 000007ff7ede1dac

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefedc6f2c 5 bytes JMP 000007ff7ede0ecc

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefedc7220 5 bytes JMP 000007ff7ede1284

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefedc739c 5 bytes JMP 000007ff7ede163c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefedc7538 5 bytes JMP 000007ff7ede19f4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefedc75e8 5 bytes JMP 000007ff7ede03a4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefedc790c 5 bytes JMP 000007ff7ede075c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3760] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefedc7ab4 5 bytes JMP 000007ff7ede0b14

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f13ae0 5 bytes JMP 00000001004e075c

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f17a90 5 bytes JMP 00000001004e03a4

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f413c0 5 bytes JMP 00000000770a0440

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f41410 5 bytes JMP 00000000770a0430

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f41490 5 bytes JMP 00000001004e0b14

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f414f0 5 bytes JMP 00000001004e0ecc

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f415c0 1 byte JMP 00000000770a0450

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000076f415c2 3 bytes {JMP 0x15ee90}

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f415d0 5 bytes JMP 00000001004e163c

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f41680 5 bytes JMP 00000000770a0320

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f416b0 5 bytes JMP 00000000770a0380

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f41710 5 bytes JMP 00000000770a02e0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f41760 5 bytes JMP 00000000770a0410

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f41790 5 bytes JMP 00000000770a02d0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f417b0 5 bytes JMP 00000001004e19f4

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f417f0 5 bytes JMP 00000000770a0390

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f41810 5 bytes JMP 00000001004e1284

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f41840 5 bytes JMP 00000000770a03c0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f419a0 1 byte JMP 00000000770a0230

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076f419a2 3 bytes {JMP 0x15e890}

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f41b60 5 bytes JMP 00000000770a0460

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f41b90 5 bytes JMP 00000000770a0370

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f41c70 5 bytes JMP 00000000770a02f0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f41c80 5 bytes JMP 00000000770a0350

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f41ce0 5 bytes JMP 00000000770a0290

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f41d70 5 bytes JMP 00000000770a02b0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f41d90 5 bytes JMP 00000000770a03a0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f41da0 1 byte JMP 00000000770a0330

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076f41da2 3 bytes {JMP 0x15e590}

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f41e10 5 bytes JMP 00000000770a03e0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f41e40 5 bytes JMP 00000000770a0240

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f42100 5 bytes JMP 00000000770a01e0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f421c0 1 byte JMP 00000000770a0250

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076f421c2 3 bytes {JMP 0x15e090}

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f421f0 5 bytes JMP 00000000770a0470

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f42200 5 bytes JMP 00000000770a0480

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f42230 5 bytes JMP 00000000770a0300

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f42240 5 bytes JMP 00000000770a0360

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f422a0 5 bytes JMP 00000000770a02a0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f422f0 5 bytes JMP 00000000770a02c0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f42330 5 bytes JMP 00000000770a0340

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f42620 5 bytes JMP 00000000770a0420

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f42820 5 bytes JMP 00000000770a0260

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f42830 5 bytes JMP 00000000770a0270

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f42840 1 byte JMP 00000000770a03d0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 0000000076f42842 3 bytes {JMP 0x15db90}

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f42a00 5 bytes JMP 00000000770a01f0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f42a10 5 bytes JMP 00000000770a0210

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f42a80 5 bytes JMP 00000000770a0200

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f42ae0 5 bytes JMP 00000000770a03f0

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f42af0 5 bytes JMP 00000000770a0400

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f42b00 5 bytes JMP 00000000770a0220

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f42be0 5 bytes JMP 00000000770a0280

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefedc6e00 5 bytes JMP 000007ff7ede1dac

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefedc6f2c 5 bytes JMP 000007ff7ede0ecc

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefedc7220 5 bytes JMP 000007ff7ede1284

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefedc739c 5 bytes JMP 000007ff7ede163c

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefedc7538 5 bytes JMP 000007ff7ede19f4

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefedc75e8 5 bytes JMP 000007ff7ede03a4

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefedc790c 5 bytes JMP 000007ff7ede075c

.text C:\Program Files\iPod\bin\iPodService.exe[3836] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefedc7ab4 5 bytes JMP 000007ff7ede0b14

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aceecd 1 byte [62]

.text C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE[2144] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efaa0 5 bytes JMP 00000001001c0600

.text C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE[2144] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb38 5 bytes JMP 00000001001c0804

.text C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE[2144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efc90 5 bytes JMP 00000001001c0c0c


.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076737603 5 bytes JMP 0000000100100804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007673835c 5 bytes JMP 0000000100100600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007674f52b 5 bytes JMP 0000000100100a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075c95181 5 bytes JMP 0000000100111014

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075c95254 5 bytes JMP 0000000100110804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075c953d5 5 bytes JMP 0000000100110a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075c954c2 5 bytes JMP 0000000100110c0c

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075c955e2 5 bytes JMP 0000000100110e10

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075c9567c 5 bytes JMP 00000001001101f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075c9589f 5 bytes JMP 00000001001103fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075c95a22 5 bytes JMP 0000000100110600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000770a1401 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000770a1419 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000770a1431 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000770a144a 2 bytes [0A, 77]

.text ... * 9

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770a14dd 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770a14f5 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000770a150d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000770a1525 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000770a153d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000770a1555 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000770a156d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000770a1585 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000770a159d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770a15b5 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770a15cd 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770a16b2 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770a16bd 2 bytes [0A, 77]

? C:\Windows\system32\mssprxy.dll [5212] entry point in ".rdata" section 00000000729071e6

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000770ef991 7 bytes {MOV EDX, 0x866628; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efaa0 5 bytes JMP 0000000100870600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb38 5 bytes JMP 0000000100870804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000770efbd5 7 bytes {MOV EDX, 0x866668; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000770efc05 7 bytes {MOV EDX, 0x8665a8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000770efc1d 7 bytes {MOV EDX, 0x866528; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000770efc35 7 bytes {MOV EDX, 0x866728; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000770efc65 7 bytes {MOV EDX, 0x866768; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efc90 5 bytes JMP 0000000100870c0c

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000770efce5 7 bytes {MOV EDX, 0x8666e8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000770efcfd 7 bytes {MOV EDX, 0x8666a8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000770efd49 7 bytes {MOV EDX, 0x866468; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000770efe41 7 bytes {MOV EDX, 0x8664a8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770eff84 5 bytes JMP 0000000100870e10

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0018 5 bytes JMP 0000000100870a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000770f0099 7 bytes {MOV EDX, 0x866428; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000770f10a5 7 bytes {MOV EDX, 0x8665e8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000770f111d 7 bytes {MOV EDX, 0x866568; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000770f1321 7 bytes {MOV EDX, 0x8664e8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c45a 5 bytes JMP 00000001008701f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111217 5 bytes JMP 00000001008703fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ca30a 1 byte [62]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007672ee09 5 bytes JMP 00000001009301f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076733982 5 bytes JMP 00000001009303fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076737603 5 bytes JMP 0000000100930804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007673835c 5 bytes JMP 0000000100930600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007674f52b 5 bytes JMP 0000000100930a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075c95181 5 bytes JMP 0000000100941014

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075c95254 5 bytes JMP 0000000100940804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075c953d5 5 bytes JMP 0000000100940a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075c954c2 5 bytes JMP 0000000100940c0c

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075c955e2 5 bytes JMP 0000000100940e10

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075c9567c 5 bytes JMP 00000001009401f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075c9589f 5 bytes JMP 00000001009403fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075c95a22 5 bytes JMP 0000000100940600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000009c1401 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000009c1419 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000009c1431 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000009c144a 2 bytes [9C, 00]

.text ... * 9

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000009c14dd 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000009c14f5 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000009c150d 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000009c1525 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000009c153d 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000009c1555 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000009c156d 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000009c1585 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000009c159d 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000009c15b5 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000009c15cd 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000009c16b2 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000009c16bd 2 bytes [9C, 00]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000770ef991 7 bytes {MOV EDX, 0xbe5e28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efaa0 5 bytes JMP 0000000100c00600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb38 5 bytes JMP 0000000100c00804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000770efbd5 7 bytes {MOV EDX, 0xbe5e68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000770efc05 7 bytes {MOV EDX, 0xbe5da8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000770efc1d 7 bytes {MOV EDX, 0xbe5d28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000770efc35 7 bytes {MOV EDX, 0xbe5f28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000770efc65 7 bytes {MOV EDX, 0xbe5f68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efc90 5 bytes JMP 0000000100c00c0c

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000770efce5 7 bytes {MOV EDX, 0xbe5ee8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000770efcfd 7 bytes {MOV EDX, 0xbe5ea8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000770efd49 7 bytes {MOV EDX, 0xbe5c68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000770efe41 7 bytes {MOV EDX, 0xbe5ca8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770eff84 5 bytes JMP 0000000100c00e10

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0018 5 bytes JMP 0000000100c00a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000770f0099 7 bytes {MOV EDX, 0xbe5c28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000770f10a5 7 bytes {MOV EDX, 0xbe5de8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000770f111d 7 bytes {MOV EDX, 0xbe5d68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000770f1321 7 bytes {MOV EDX, 0xbe5ce8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c45a 5 bytes JMP 0000000100c001f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111217 5 bytes JMP 0000000100c003fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ca30a 1 byte [62]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007672ee09 5 bytes JMP 0000000100cc01f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076733982 5 bytes JMP 0000000100cc03fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076737603 5 bytes JMP 0000000100cc0804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007673835c 5 bytes JMP 0000000100cc0600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007674f52b 5 bytes JMP 0000000100cc0a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075c95181 5 bytes JMP 0000000100cd1014

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075c95254 5 bytes JMP 0000000100cd0804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075c953d5 5 bytes JMP 0000000100cd0a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075c954c2 5 bytes JMP 0000000100cd0c0c

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075c955e2 5 bytes JMP 0000000100cd0e10

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075c9567c 5 bytes JMP 0000000100cd01f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075c9589f 5 bytes JMP 0000000100cd03fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075c95a22 5 bytes JMP 0000000100cd0600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000770a1401 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000770a1419 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000770a1431 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000770a144a 2 bytes [0A, 77]

.text ... * 9

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770a14dd 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770a14f5 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000770a150d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000770a1525 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000770a153d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000770a1555 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000770a156d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000770a1585 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000770a159d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770a15b5 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770a15cd 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770a16b2 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770a16bd 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000770ef991 7 bytes {MOV EDX, 0x5bba28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efaa0 5 bytes JMP 00000001005d0600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb38 5 bytes JMP 00000001005d0804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000770efbd5 7 bytes {MOV EDX, 0x5bba68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000770efc05 7 bytes {MOV EDX, 0x5bb9a8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000770efc1d 7 bytes {MOV EDX, 0x5bb928; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000770efc35 7 bytes {MOV EDX, 0x5bbb28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000770efc65 7 bytes {MOV EDX, 0x5bbb68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efc90 5 bytes JMP 00000001005d0c0c

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000770efce5 7 bytes {MOV EDX, 0x5bbae8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000770efcfd 7 bytes {MOV EDX, 0x5bbaa8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000770efd49 7 bytes {MOV EDX, 0x5bb868; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000770efe41 7 bytes {MOV EDX, 0x5bb8a8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770eff84 5 bytes JMP 00000001005d0e10

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0018 5 bytes JMP 00000001005d0a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000770f0099 7 bytes {MOV EDX, 0x5bb828; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000770f10a5 7 bytes {MOV EDX, 0x5bb9e8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000770f111d 7 bytes {MOV EDX, 0x5bb968; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000770f1321 7 bytes {MOV EDX, 0x5bb8e8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c45a 5 bytes JMP 00000001005d01f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111217 5 bytes JMP 00000001005d03fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ca30a 1 byte [62]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007672ee09 5 bytes JMP 00000001006a01f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076733982 5 bytes JMP 00000001006a03fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076737603 5 bytes JMP 00000001006a0804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007673835c 5 bytes JMP 00000001006a0600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007674f52b 5 bytes JMP 00000001006a0a08


.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 0000000075fe940d 5 bytes JMP 0000000100110cb0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 0000000075fec621 5 bytes JMP 0000000100110bb0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 0000000075fed2b2 5 bytes JMP 0000000100110bf0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 0000000075fed919 5 bytes JMP 0000000100110c30

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000075ff3adc 5 bytes JMP 0000000100110030

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000075ff3f29 5 bytes JMP 00000001001101f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!StartPage 0000000075ff401a 5 bytes JMP 0000000100110730

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000075ff4c51 5 bytes JMP 00000001001107f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!BeginPath 0000000075ff53fd 5 bytes JMP 0000000100110830

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000075ff5454 5 bytes JMP 0000000100110af0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!CloseFigure 0000000075ff54af 5 bytes JMP 0000000100110070

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!EndPath 0000000075ff5506 5 bytes JMP 0000000100110a70

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!StrokePath 0000000075ff573f 5 bytes JMP 00000001001107b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!FillPath 0000000075ff57d2 5 bytes JMP 0000000100110870

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000075ff5c44 5 bytes JMP 00000001001104f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000075ff5cd5 5 bytes JMP 00000001001104b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000075ff5d87 5 bytes JMP 00000001001108b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!MapWindowPoints 0000000076728c40 5 bytes JMP 0000000100410570

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000076729ebd 5 bytes JMP 00000001004102b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007672ee09 5 bytes JMP 00000001004801f8

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000076730afa 5 bytes JMP 00000001004102f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!GetClientRect 0000000076730c62 7 bytes JMP 00000001004105b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!GetParent 0000000076730f68 7 bytes JMP 00000001004106f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!IsWindowVisible 000000007673112d 7 bytes JMP 00000001004106b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767312a5 5 bytes JMP 00000001004105f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007673227d 7 bytes JMP 0000000100410670

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 0000000076733150 7 bytes JMP 0000000100410630

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076733982 5 bytes JMP 00000001004803fc

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!SetCursor 00000000767341f6 5 bytes JMP 0000000100410530

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000767368ef 5 bytes JMP 0000000100410270

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076737603 5 bytes JMP 0000000100480804

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000767377fa 5 bytes JMP 0000000100410230

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000076737887 7 bytes JMP 0000000100410730

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007673835c 5 bytes JMP 0000000100480600

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000076738676 5 bytes JMP 00000001004100f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 0000000076738696 5 bytes JMP 0000000100410330

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!CloseClipboard 0000000076738e8d 5 bytes JMP 00000001004100b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000076738ecb 5 bytes JMP 0000000100410070

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007673c17b 5 bytes JMP 0000000100410430

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 000000007673c449 5 bytes JMP 00000001004101b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007673c468 5 bytes JMP 00000001004103f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 000000007673c486 5 bytes JMP 00000001004101f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007673c4b6 5 bytes JMP 00000001004104b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 000000007673d6c0 5 bytes JMP 00000001004104f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 000000007673e360 5 bytes JMP 0000000100410370

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007674f52b 5 bytes JMP 0000000100480a08

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000076768e57 5 bytes JMP 0000000100410170

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076769cfd 5 bytes JMP 0000000100410770

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076769f1d 5 bytes JMP 0000000100410030

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000076787cb9 5 bytes JMP 0000000100410130

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000076788111 5 bytes JMP 0000000100410470

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 000000007678832f 5 bytes JMP 00000001004103b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075c95181 5 bytes JMP 0000000100491014

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075c95254 5 bytes JMP 0000000100490804

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075c953d5 5 bytes JMP 0000000100490a08

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075c954c2 5 bytes JMP 0000000100490c0c

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075c955e2 5 bytes JMP 0000000100490e10

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075c9567c 5 bytes JMP 00000001004901f8

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075c9589f 5 bytes JMP 00000001004903fc

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075c95a22 5 bytes JMP 0000000100490600

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 00000000747c9606 5 bytes JMP 00000001004200f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 00000000747d0581 5 bytes JMP 0000000100420130

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 00000000747d0bb9 5 bytes JMP 0000000100420270

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 00000000747d0c2e 5 bytes JMP 00000001004201b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 00000000747d0f2e 5 bytes JMP 0000000100420070

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 00000000747d1096 5 bytes JMP 00000001004200b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000747d124e 5 bytes JMP 00000001004201f0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000747d129d 5 bytes JMP 0000000100420230

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 00000000747d1527 5 bytes JMP 0000000100420030

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 00000000747d1590 5 bytes JMP 0000000100420170

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000075560045 5 bytes JMP 0000000100430030

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000755636b2 5 bytes JMP 0000000100430070

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\ole32.dll!OleGetClipboard 000000007558fdcd 5 bytes JMP 00000001004300b0

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000770a1401 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000770a1419 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000770a1431 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000770a144a 2 bytes [0A, 77]

.text ... * 9

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770a14dd 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770a14f5 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000770a150d 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000770a1525 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000770a153d 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000770a1555 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000770a156d 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000770a1585 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000770a159d 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770a15b5 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770a15cd 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770a16b2 2 bytes [0A, 77]

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770a16bd 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000770ef991 7 bytes {MOV EDX, 0x5fde28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efaa0 5 bytes JMP 0000000100610600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb38 5 bytes JMP 0000000100610804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000770efbd5 7 bytes {MOV EDX, 0x5fde68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000770efc05 7 bytes {MOV EDX, 0x5fdda8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000770efc1d 7 bytes {MOV EDX, 0x5fdd28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000770efc35 7 bytes {MOV EDX, 0x5fdf28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000770efc65 7 bytes {MOV EDX, 0x5fdf68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efc90 5 bytes JMP 0000000100610c0c

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000770efce5 7 bytes {MOV EDX, 0x5fdee8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000770efcfd 7 bytes {MOV EDX, 0x5fdea8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000770efd49 7 bytes {MOV EDX, 0x5fdc68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000770efe41 7 bytes {MOV EDX, 0x5fdca8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770eff84 5 bytes JMP 0000000100610e10

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0018 5 bytes JMP 0000000100610a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000770f0099 7 bytes {MOV EDX, 0x5fdc28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000770f10a5 7 bytes {MOV EDX, 0x5fdde8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000770f111d 7 bytes {MOV EDX, 0x5fdd68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000770f1321 7 bytes {MOV EDX, 0x5fdce8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007710c45a 5 bytes JMP 00000001006101f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077111217 5 bytes JMP 00000001006103fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ca30a 1 byte [62]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007672ee09 5 bytes JMP 00000001006d01f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076733982 5 bytes JMP 00000001006d03fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076737603 5 bytes JMP 00000001006d0804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007673835c 5 bytes JMP 00000001006d0600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007674f52b 5 bytes JMP 00000001006d0a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075c95181 5 bytes JMP 00000001006e1014

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075c95254 5 bytes JMP 00000001006e0804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075c953d5 5 bytes JMP 00000001006e0a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075c954c2 5 bytes JMP 00000001006e0c0c

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075c955e2 5 bytes JMP 00000001006e0e10

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075c9567c 5 bytes JMP 00000001006e01f8

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075c9589f 5 bytes JMP 00000001006e03fc

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075c95a22 5 bytes JMP 00000001006e0600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000770a1401 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000770a1419 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000770a1431 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000770a144a 2 bytes [0A, 77]

.text ... * 9

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000770a14dd 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000770a14f5 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000770a150d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000770a1525 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000770a153d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000770a1555 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000770a156d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000770a1585 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000770a159d 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000770a15b5 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000770a15cd 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000770a16b2 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000770a16bd 2 bytes [0A, 77]

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000770ef991 7 bytes {MOV EDX, 0xf2de28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770efaa0 5 bytes JMP 0000000100f40600

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770efb38 5 bytes JMP 0000000100f40804

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000770efbd5 7 bytes {MOV EDX, 0xf2de68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000770efc05 7 bytes {MOV EDX, 0xf2dda8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000770efc1d 7 bytes {MOV EDX, 0xf2dd28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000770efc35 7 bytes {MOV EDX, 0xf2df28; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000770efc65 7 bytes {MOV EDX, 0xf2df68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000770efc90 5 bytes JMP 0000000100f40c0c

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000770efce5 7 bytes {MOV EDX, 0xf2dee8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000770efcfd 7 bytes {MOV EDX, 0xf2dea8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000770efd49 7 bytes {MOV EDX, 0xf2dc68; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000770efe41 7 bytes {MOV EDX, 0xf2dca8; JMP RDX}

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770eff84 5 bytes JMP 0000000100f40e10

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0018 5 bytes JMP 0000000100f40a08

.text C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000770f0099 7 bytes {MOV EDX, 0xf2dc28; JMP RDX}


IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FindClose] [7fef5d625a4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fef5d5af98] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SearchPathA] [7fef5d61cf0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExA] [7fef5d460d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fef5d48d88] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetFileAttributesA] [7fef5d50134] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FindFirstFileA] [7fef5d626b0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathStripToRootW] [7fef5d6601c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathFindOnPathW] [7fef5d64d78] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsURLW] [7fef5d47c18] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsRootA] [7fef5d653b4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHCreateStreamOnFileW] [7fef5d4eea8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHOpenRegStream2W] [7fef5d47e68] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHDeleteKeyA] [7fef5d66544] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathCombineW] [7fef5d64b90] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsDirectoryW] [7fef5d64fb4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!AssocQueryStringByKeyW] [7fef5d64688] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathCreateFromUrlW] [7fef5d486a8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathSkipRootW] [7fef5d65e18] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathBuildRootA] [7fef5d64928] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathRelativePathToW] [7fef5d65a94] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsDirectoryA] [7fef5d64f34] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsDirectoryEmptyW] [7fef5d650b4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHRegOpenUSKeyA] [7fef5d676a0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHRegQueryUSValueW] [7fef5d43b04] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHRegOpenUSKeyW] [7fef5d47b60] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsContentTypeW] [7fef5d64ea0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHRegGetPathW] [7fef5d675e8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathCanonicalizeW] [7fef5d43be4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHRegSetPathW] [7fef5d679c0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHRegGetUSValueW] [7fef5d49620] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!AssocQueryKeyW] [7fef5d4fb58] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHRegGetBoolUSValueW] [7fef5d49700] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsNetworkPathW] [7fef5d651b4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsRootW] [7fef5d65434] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsRelativeW] [7fef5d45f1c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHEnumKeyExW] [7fef5d66860] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHEnumValueW] [7fef5d669e0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHDeleteKeyW] [7fef5d665d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathBuildRootW] [7fef5d649c0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathFileExistsW] [7fef5d48628] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHSetValueW] [7fef5d67e50] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHDeleteValueW] [7fef5d66710] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHGetValueW] [7fef5d437f4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!AssocQueryStringW] [7fef5d64500] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsUNCW] [7fef5d47ad4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathMakeSystemFolderW] [7fef5d6595c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathUnExpandEnvStringsW] [7fef5d660a0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsUNCServerShareW] [7fef5d657dc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathIsUNCServerW] [7fef5d656dc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHRegGetValueW] [7fef5d438bc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHQueryValueExW] [7fef5d482a8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathStripPathW] [7fef5d65f1c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!PathRemoveArgsW] [7fef5d65bcc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[SHLWAPI.dll!SHRegEnumUSKeyW] [7fef5d49020] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[ntdll.dll!NtQueryDirectoryFile] [7fef5d5a798] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[USER32.dll!LoadImageW] [7fef5d5ef94] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[USER32.dll!WinHelpW] [7fef5d5fd88] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[USER32.dll!PrivateExtractIconsW] [7fef5d5f69c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fef5d608f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!GetShortPathNameA] [7fef5d5b984] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!GetPrivateProfileSectionW] [7fef5d5c550] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!WritePrivateProfileSectionW] [7fef5d5d364] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!WritePrivateProfileStringW] [7fef5d5d6d4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!GetPrivateProfileSectionNamesW] [7fef5d5c8b4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CreateHardLinkW] [7fef5d5e824] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fef5d5de80] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fef5d608bc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!ReplaceFileW] [7fef5d60cb4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!GetPrivateProfileStringW] [7fef5d5cc38] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!GetBinaryTypeW] [7fef5d5be78] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[ole32.dll!CoGetClassObject] [7fef5d47c98] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[ole32.dll!CoCreateInstance] [7fef5d43a54] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!PathIsUNCServerShareW] [7fef5d657dc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHDeleteKeyW] [7fef5d665d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!PathIsUNCW] [7fef5d47ad4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegGetValueA] [7fef5d47a00] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!PathCreateFromUrlW] [7fef5d486a8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegGetUSValueA] [7fef5d47920] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHSetValueA] [7fef5d67d88] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!PathIsUNCServerW] [7fef5d656dc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegGetBoolUSValueA] [7fef5d673d4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHCreateStreamOnFileW] [7fef5d4eea8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHOpenRegStream2W] [7fef5d47e68] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegGetBoolUSValueW] [7fef5d49700] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegQueryInfoUSKeyW] [7fef5d491c0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegEnumUSValueW] [7fef5d490d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegEnumUSKeyW] [7fef5d49020] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegQueryUSValueW] [7fef5d43b04] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegCreateUSKeyW] [7fef5d66ef4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegOpenUSKeyW] [7fef5d47b60] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegGetUSValueW] [7fef5d49620] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegGetValueW] [7fef5d438bc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!PathIsRootW] [7fef5d65434] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegWriteUSValueW] [7fef5d67cc4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegDeleteEmptyUSKeyW] [7fef5d67050] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHRegDeleteUSValueW] [7fef5d67198] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!PathStripToRootW] [7fef5d6601c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!PathCreateFromUrlA] [7fef5d64c34] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!SHQueryValueExA] [7fef5d5006c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!PathFileExistsA] [7fef5d50298] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[SHLWAPI.dll!PathSkipRootW] [7fef5d65e18] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateProcessA] [7fef5d58c7c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fef5d43a54] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoGetClassObject] [7fef5d47c98] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryExA] [7fef5d460d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!SearchPathA] [7fef5d61cf0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7fef5d48d88] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!SearchPathW] [7fef5d4f160] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!WinHelpW] [7fef5d5fd88] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[SHLWAPI.dll!PathUnExpandEnvStringsA] [7fef5d4ee04] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[SHLWAPI.dll!SHDeleteKeyA] [7fef5d66544] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[SHLWAPI.dll!SHDeleteValueW] [7fef5d66710] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[SHLWAPI.dll!SHSetValueA] [7fef5d67d88] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[SHLWAPI.dll!SHSetValueW] [7fef5d67e50] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[SHLWAPI.dll!PathCreateFromUrlW] [7fef5d486a8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[SHLWAPI.dll!SHRegGetUSValueA] [7fef5d47920] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[SHLWAPI.dll!SHGetValueA] [7fef5d449c8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[SHLWAPI.dll!SHGetValueW] [7fef5d437f4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[SHLWAPI.dll!SHRegGetValueA] [7fef5d47a00] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[SHLWAPI.dll!SHRegGetValueW] [7fef5d438bc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!CreateProcessW] [7fef5d59460] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHSetValueW] [7fef5d67e50] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHRegSetUSValueW] [7fef5d67b3c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHGetValueW] [7fef5d437f4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHDeleteKeyW] [7fef5d665d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHQueryValueExW] [7fef5d482a8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!PathCreateFromUrlW] [7fef5d486a8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHRegGetValueW] [7fef5d438bc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHOpenRegStream2W] [7fef5d47e68] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!PathUndecorateW] [7fef5d661c4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHDeleteValueW] [7fef5d66710] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHSetValueA] [7fef5d67d88] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHGetValueA] [7fef5d449c8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHDeleteValueA] [7fef5d6666c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!SHDeleteKeyA] [7fef5d66544] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!PathSearchAndQualifyW] [7fef5d65cf0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!AssocQueryStringW] [7fef5d64500] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!PathFileExistsW] [7fef5d48628] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\IEFRAME.dll[SHLWAPI.dll!AssocQueryKeyW] [7fef5d4fb58] C:\Program Files\Internet Explorer\IEShims.dll


IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Java\jre7\bin\msvcr100.dll[KERNEL32.dll!CreateDirectoryW] [7fef5d464fc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Java\jre7\bin\msvcr100.dll[KERNEL32.dll!MoveFileW] [7fef5d608bc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Java\jre7\bin\msvcr100.dll[KERNEL32.dll!RemoveDirectoryW] [7fef5d617d4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Java\jre7\bin\msvcr100.dll[KERNEL32.dll!DeleteFileW] [7fef5d5ec08] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Java\jre7\bin\msvcr100.dll[KERNEL32.dll!CreateProcessA] [7fef5d58c7c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Java\jre7\bin\msvcr100.dll[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Java\jre7\bin\msvcr100.dll[KERNEL32.dll!CreateProcessW] [7fef5d59460] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Java\jre7\bin\msvcr100.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Java\jre7\bin\msvcr100.dll[KERNEL32.dll!CreateFileA] [7fef5d48d88] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Java\jre7\bin\msvcr100.dll[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\SXS.DLL[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!LoadLibraryExA] [7fef5d460d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!CopyFileW] [7fef5d5de80] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!LoadLibraryExW] [7fef5d476f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!SetFileAttributesW] [7fef5d5b12c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!DeleteFileW] [7fef5d5ec08] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetFileAttributesW] [7fef5d46198] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!LoadLibraryExW] [7fef5d476f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!SetFileAttributesW] [7fef5d5b12c] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!CreateDirectoryW] [7fef5d464fc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ieapfltr.dll[ole32.dll!CoCreateInstance] [7fef5d43a54] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ieapfltr.dll[SHELL32.dll!SHGetFolderPathW] [7fef5d46444] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\jscript9.dll[ole32.dll!CoCreateInstance] [7fef5d43a54] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\jscript9.dll[ole32.dll!CoGetClassObject] [7fef5d47c98] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\jscript9.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\jscript9.dll[SHLWAPI.dll!SHRegGetValueW] [7fef5d438bc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!FindNextFileW] [7fef5d63c10] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!ReplaceFileW] [7fef5d60cb4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryExW] [7fef5d476f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetFileAttributesExW] [7fef5d5b478] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryExA] [7fef5d460d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!FindFirstFileW] [7fef5d62ba4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!DeleteFileW] [7fef5d5ec08] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!FindClose] [7fef5d625a4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!CreateDirectoryW] [7fef5d464fc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetFileAttributesW] [7fef5d46198] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!SearchPathW] [7fef5d4f160] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetFileAttributesA] [7fef5d50134] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\PROPSYS.dll[ole32.dll!CoCreateInstance] [7fef5d43a54] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!LoadLibraryExA] [7fef5d460d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\windowscodecs.dll[ole32.dll!CoCreateInstance] [7fef5d43a54] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\windowscodecs.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef5d46610] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\windowscodecs.dll[ADVAPI32.dll!RegEnumValueW] [7fef5d507c0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\windowscodecs.dll[ADVAPI32.dll!RegEnumKeyExW] [7fef5d4f680] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\windowscodecs.dll[ADVAPI32.dll!RegCloseKey] [7fef5d470a0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\windowscodecs.dll[ADVAPI32.dll!RegQueryValueExW] [7fef5d492f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\Dxtrans.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\Dxtrans.dll[SHLWAPI.dll!SHRegGetValueW] [7fef5d438bc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ATL.DLL[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ATL.DLL[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ATL.DLL[KERNEL32.dll!LoadLibraryExW] [7fef5d476f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ATL.DLL[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\ATL.DLL[KERNEL32.dll!LoadLibraryExA] [7fef5d460d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\ddrawex.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\ddrawex.dll[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\ddrawex.dll[ADVAPI32.dll!RegEnumKeyExA] [7fef5d48ed0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\ddrawex.dll[ADVAPI32.dll!RegQueryValueExA] [7fef5d480f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\ddrawex.dll[ADVAPI32.dll!RegCloseKey] [7fef5d470a0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\ddrawex.dll[ADVAPI32.dll!RegDeleteKeyA] [7fef5d68cd0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\ddrawex.dll[ADVAPI32.dll!RegCreateKeyA] [7fef5d68174] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\ddrawex.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef5d48ae8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\ddrawex.dll[ADVAPI32.dll!RegOpenKeyA] [7fef5d4f8e8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DDRAW.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DCIMAN32.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExA] [7fef5d460d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!DeleteFileW] [7fef5d5ec08] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!MoveFileW] [7fef5d608bc] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!GetFileAttributesW] [7fef5d46198] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!SearchPathW] [7fef5d4f160] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!GetPrivateProfileStringW] [7fef5d5cc38] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExW] [7fef5d476f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!SetCurrentDirectoryW] [7fef5d620a4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\d3d10.dll[KERNEL32.dll!CreateFileA] [7fef5d48d88] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\d3d10.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\d3d10.dll[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\d3d10.dll[ADVAPI32.dll!RegQueryValueExA] [7fef5d480f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\d3d10.dll[ADVAPI32.dll!RegEnumKeyExA] [7fef5d48ed0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\d3d10.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef5d48ae8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\d3d10.dll[ADVAPI32.dll!RegCloseKey] [7fef5d470a0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\msxml6.dll[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\msxml6.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\msxml6.dll[KERNEL32.dll!LoadLibraryExA] [7fef5d460d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\msxml6.dll[KERNEL32.dll!LoadLibraryExW] [7fef5d476f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\msxml6.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\System32\msxml6.dll[ole32.dll!CoCreateInstance] [7fef5d43a54] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegCreateKeyW] [7fef5d68438] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegCloseKey] [7fef5d470a0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef5d46610] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef5d48ae8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegCreateKeyA] [7fef5d68174] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegQueryValueExW] [7fef5d492f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegQueryValueExA] [7fef5d480f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\DSOUND.dll[ole32.dll!CoCreateInstance] [7fef5d43a54] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!LoadLibraryExW] [7fef5d476f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!LoadLibraryExA] [7fef5d460d8] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[SHELL32.dll!SHGetSpecialFolderPathW] [7fef5d63ec0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[KERNEL32.dll!CreateFileA] [7fef5d48d88] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[KERNEL32.dll!FindClose] [7fef5d625a4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[KERNEL32.dll!FindFirstFileW] [7fef5d62ba4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[KERNEL32.dll!LoadLibraryExW] [7fef5d476f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[ADVAPI32.dll!RegEnumKeyExW] [7fef5d4f680] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef5d46610] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[ADVAPI32.dll!RegDeleteKeyW] [7fef5d68f70] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[ADVAPI32.dll!RegQueryInfoKeyW] [7fef5d51114] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef5d51624] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[ADVAPI32.dll!RegCloseKey] [7fef5d470a0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[ADVAPI32.dll!RegQueryValueExW] [7fef5d492f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[ole32.dll!CoCreateInstance] [7fef5d43a54] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL[KERNEL32.dll!LoadLibraryA] [7fef5d47184] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL[KERNEL32.dll!CreateFileA] [7fef5d48d88] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL[KERNEL32.dll!LoadLibraryExW] [7fef5d476f0] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL[KERNEL32.dll!CreateFileW] [7fef5d46250] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL[KERNEL32.dll!GetProcAddress] [7fef5d434e4] C:\Program Files\Internet Explorer\IEShims.dll

IAT C:\Program Files\Internet Explorer\iexplore.exe[5368] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL[KERNEL32.dll!LoadLibraryW] [7fef5d44d74] C:\Program Files\Internet Explorer\IEShims.dll



---- Threads - GMER 2.0 ----



Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1320:1352] 0000000077122e25

Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1320:1356] 00000000744c345e

Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1320:1368] 0000000077123e45

---- Processes - GMER 2.0 ----



Library ? (*** suspicious ***) @ C:\Program Files\AVAST Software\Avast\AvastUI.exe [3144] 0000000073ca0000

Library ? (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IELowutil.exe [5768] 0000000075b60000



---- EOF - GMER 2.0 ----


Re: I know I have a virus but my antivirus does not detect it

Post by msc hotline sat » 17 Jan 2013, 09:29

Well, two suspicious items show up:

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

The first one apparently belongs to Avast, but you never know; according to the info:

"Description: AvastUI.exe is located in a subfolder of "C:\Archivos de Programa". Known file sizes on Windows 7/Vista/XP are 2,837,864 bytes (15% of all occurrences), 2,838,912 bytes and 15 more variants.

The AvastUI.exe file is signed by Verisign. It is certified by a trusted company. It is not a Windows system component. The process is loaded during the Windows startup process (see the Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). The process is not visible. It can change the behaviour of other programs or manipulate other programs. AvastUI.exe is able to record input and monitor applications. The technical security rating is therefore 39% dangerous"

and about the second one there is this info:

"Important: Some malware disguises itself as ielowutil.exe, especially if it is located in the c:\windows or c:\windows\system32 folder. Therefore check whether the ielowutil.exe process on your PC is a virus."

So please send us both files for analysis and we will report the result:

For how to do that, see https://foros.zonavirus.com/viewtopic.php?f=5&t=45334

Regards

ms, 17-1-2013


Re: I know I have a virus but my antivirus does not detect it

Post by nasecuta » 17 Jan 2013, 14:08

I sent it to you by email, there was no way to do it otherwise. Thanks


Re: I know I have a virus but my antivirus does not detect it

Post by msc hotline sat » 17 Jan 2013, 17:11

Having received the two suspicious files, we have analysed them:

For the file ielowutil.exe, its properties show:

publisher................: Microsoft Corporation

product..................: Windows_ Internet Explorer

internal name............: ielowutil.exe

copyright................: (c) Microsoft Corporation. All rights reserved.

original name............: ielowutil.exe

signing date.............: 6:02 PM 8/24/2012

signers..................: Microsoft Windows; Microsoft Windows Verification PCA; Microsoft Root Certificate Authority

file version.............: 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

description..............: Internet Low-Mic Utility Tool



so we rule out that it is malware.

And for the file AvastUI.exe:

publisher................: AVAST Software

product..................: avast_ Antivirus

internal name............: AvastUi.exe

copyright................: Copyright (c) 2012 AVAST Software

signing date.............: 10:12 AM 8/21/2012

original name............: AvastUi.exe

signers..................: AVAST Software; VeriSign Class 3 Code Signing 2010 CA; VeriSign Class 3 Public Primary Certification Authority - G5

file version.............: 7.0.1466.549

description..............: avast_ Antivirus



So both files appear to be legitimate, although TREND identifies the latter as malware:

TrendMicro-HouseCall TROJ_GEN.F47V0824 20121228

In any case it may be a false positive from that antivirus, so we consider it legitimate, since you have that antivirus installed.

Given all of the above, we see no rootkit or visible malware, so if the anomalies persist we understand it may be degradation of some hardware component, such as memory, the hard disk, etc., and we suggest you take it to a technical service so they can examine it, diagnose the fault and give a repair quote, if one is needed.

If you do so and want to share what they find, it will always be of interest for the forum's records, especially in this case where we have covered so many points ... We are leaving the topic open so you can add that information when the time comes, thank you.

Regards

ms, 17-1-2013
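The triage done by hand in the posts above (where does the flagged image live, and who signed it) can be scripted. This is an added example, not part of the original thread or of GMER; the `BASELINE` table, the function names and the third log line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath
# Constructed input: the two GMER "Processes" lines from this thread plus a
# made-up third line for a copy in the folder the quoted warning mentions.
GMER_LOG = r"""
Library ? (*** suspicious ***) @ C:\Program Files\AVAST Software\Avast\AvastUI.exe [3144] 0000000073ca0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IELowutil.exe [5768] 0000000075b60000
Library ? (*** suspicious ***) @ C:\Windows\System32\ielowutil.exe [4242] 0000000070000000
"""
# Property dumps keyed by lower-cased path; the made-up file has none.
PROPS = {
    r"c:\program files\avast software\avast\avastui.exe": """publisher................: AVAST Software
signers..................: AVAST Software; VeriSign Class 3 Code Signing 2010 CA; VeriSign Class 3 Public Primary Certification Authority - G5""",
    r"c:\program files (x86)\internet explorer\ielowutil.exe": """publisher................: Microsoft Corporation
signers..................: Microsoft Windows; Microsoft Windows Verification PCA; Microsoft Root Certificate Authority""",
}
# Assumed baseline (hypothetical): expected folders and leaf signer per file name.
BASELINE = {
    "avastui.exe": ({r"c:\program files\avast software\avast"}, "AVAST Software"),
    "ielowutil.exe": ({r"c:\program files\internet explorer", r"c:\program files (x86)\internet explorer"}, "Microsoft Windows"),
}
LINE = re.compile(r"^Library .*?\(\*\*\* suspicious \*\*\*\) @ (.+) \[(\d+)\] ([0-9a-fA-F]+)[ \t]*$", re.M)
PROP = re.compile(r"^(.+?)\.{2,}: (.*)$", re.M)

def parse_gmer(log):
    """Return (image path, pid) for every library GMER marked suspicious."""
    return [(m.group(1), int(m.group(2))) for m in LINE.finditer(log)]

def parse_props(text):
    """Turn 'key.....: value' lines into a dict."""
    return {k.strip(): v.strip() for k, v in PROP.findall(text)}

def triage(path, props_text):
    """List the reasons a flagged image does not match the baseline."""
    p = PureWindowsPath(path)
    dirs, leaf = BASELINE.get(p.name.lower(), (set(), None))
    if leaf is None:
        return ["no baseline for this file name"]
    findings = []
    if str(p.parent).lower() not in dirs:
        findings.append("unexpected folder: " + str(p.parent))
    # Product, description and internal name come from the version resource,
    # which any author can set, so the comparison uses the signer chain.
    signers = [s.strip() for s in parse_props(props_text).get("signers", "").split(";")]
    if signers[0] != leaf:
        findings.append("leaf signer is %r, expected %r" % (signers[0], leaf))
    return findings

def triage_log(log, props):
    return {path: triage(path, props.get(path.lower(), "")) for path, _ in parse_gmer(log)}
```

The code compares the signer names as reported in the text dump; it does not verify the signature itself, which has to be done by the tool that produces the dump.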
