GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-01 15:16:36 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.GG2O 465,76GB Running: xqliwrq3.exe; Driver: C:\Users\KOFCC2~1\AppData\Local\Temp\uxriypow.sys ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100120470 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100120460 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000100120370 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100120480 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001001203e0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100120320 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001001203b0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100120390 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001001202e0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000100120440 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001001202d0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100120310 .text C:\windows\system32\csrss.exe[708] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001001203c0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001001203f0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100120230 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffff88b6e890} .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100120490 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001001203a0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001001202f0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100120350 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100120290 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001001202b0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001001203d0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100120330 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88b6e590} .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100120410 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100120240 
.text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001001201e0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100120250 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88b6e090} .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000001001204a0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000001001204b0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100120300 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100120360 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001001202a0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001001202c0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100120380 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100120340 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100120450 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000100120260 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100120270 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes 
JMP 0000000100120400 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001001201f0 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100120210 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000100120200 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000100120420 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100120430 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100120220 .text C:\windows\system32\csrss.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100120280 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\wininit.exe[776] 
C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 
00000000777102b0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\wininit.exe[776] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\wininit.exe[776] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\wininit.exe[776] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100120470 
.text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100120460 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000100120370 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100120480 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001001203e0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100120320 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001001203b0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100120390 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001001202e0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000100120440 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001001202d0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100120310 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001001203c0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001001203f0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100120230 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 
0xffffffff88b6e890} .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100120490 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001001203a0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001001202f0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100120350 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100120290 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001001202b0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001001203d0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100120330 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88b6e590} .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100120410 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100120240 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001001201e0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100120250 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88b6e090} .text C:\windows\system32\csrss.exe[784] 
C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000001001204a0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000001001204b0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100120300 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100120360 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001001202a0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001001202c0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100120380 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100120340 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100120450 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000100120260 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100120270 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000100120400 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001001201f0 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100120210 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000100120200 .text 
C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000100120420 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100120430 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100120220 .text C:\windows\system32\csrss.exe[784] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100120280 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 
00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text 
C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\winlogon.exe[832] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\winlogon.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\winlogon.exe[832] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 
bytes JMP 0000000077710480 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\services.exe[884] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 
0000000077710300 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\services.exe[884] 
C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\services.exe[884] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\services.exe[884] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text 
C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 
0000000077710240 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 
bytes JMP 0000000077710400 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\lsass.exe[892] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\lsass.exe[892] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 
00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 
00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes 
JMP 0000000077710380 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\lsm.exe[900] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 
bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001000703b0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001000702d0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100070230 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffff88abe890} .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100070490 .text C:\windows\system32\svchost.exe[996] 
C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100070330 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88abe590} .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100070250 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88abe090} .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 
00000000775b2200 5 bytes JMP 00000001000704b0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100070340 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000100070260 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[996] 
C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[996] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001000703b0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001000702d0 .text 
C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100070230 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffff88abe890} .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100070490 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100070330 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88abe590} .text C:\windows\system32\svchost.exe[716] 
C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100070250 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88abe090} .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000001000704b0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100070340 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 
0000000100070260 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100070280 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\System32\svchost.exe[948] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 
0000000077710350 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\System32\svchost.exe[948] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\System32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 
.text C:\windows\System32\svchost.exe[948] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 
00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text 
C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\System32\svchost.exe[1056] 
C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\System32\svchost.exe[1056] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\System32\svchost.exe[1056] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 
bytes JMP 00000000777103b0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\svchost.exe[1080] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 
00000000777102c0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\svchost.exe[1080] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\svchost.exe[1080] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\system32\svchost.exe[1104] 
C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 
0000000077710230 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\svchost.exe[1104] 
C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 
bytes JMP 0000000077710210 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\svchost.exe[1104] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\svchost.exe[1104] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\svchost.exe[1316] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 
00000000777103d0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\svchost.exe[1316] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\svchost.exe[1316] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\svchost.exe[1316] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 
0000000077710460 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\svchost.exe[1444] 
C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 
bytes JMP 00000000777104a0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text 
C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\svchost.exe[1444] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\svchost.exe[1444] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100070470 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100070460 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000100070370 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100070480 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001000703e0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100070320 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001000703b0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100070390 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001000702e0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 
00000000775b1760 5 bytes JMP 0000000100070440 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001000702d0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100070310 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001000703c0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001000703f0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100070230 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffff88abe890} .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100070490 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001000703a0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001000702f0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100070350 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100070290 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001000702b0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001000703d0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100070330 .text 
C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88abe590} .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100070410 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100070240 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001000701e0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100070250 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88abe090} .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000001000704b0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100070300 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100070360 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001000702a0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001000702c0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100070380 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100070340 .text C:\windows\system32\WLANExt.exe[1564] 
C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100070450 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000100070260 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100070270 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000100070400 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001000701f0 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100070210 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000100070200 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000100070420 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100070430 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100070220 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100070280 .text C:\windows\system32\WLANExt.exe[1564] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes 
JMP 0000000077710370 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\System32\spoolsv.exe[1828] 
C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 
bytes JMP 00000000777104b0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\System32\spoolsv.exe[1828] 
C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\System32\spoolsv.exe[1828] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1984] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program 
Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 
00000000777102c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program 
Files\Intel\WiFi\bin\EvtEng.exe[1580] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 
00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program 
Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 
0000000077710200 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1740] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text 
C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text 
C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] 
C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1668] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program 
Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 
0000000077710350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] 
C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2020] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[1956] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\windows\SysWOW64\irstrtsv.exe[2116] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2140] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2140] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077711465 2 bytes [71, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2140] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777114bb 2 bytes [71, 77] .text ... 
* 2 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\taskeng.exe[2456] 
C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte 
JMP 0000000077710250 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\taskeng.exe[2456] 
C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\taskeng.exe[2456] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\Explorer.EXE[2520] 
C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 
00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text 
C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\Explorer.EXE[2520] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\Explorer.EXE[2520] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\Program Files\Common 
Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program 
Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 
00000000777101e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 
00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2876] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe[2912] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 
00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text 
C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\svchost.exe[2932] 
C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 
bytes JMP 0000000077710210 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\svchost.exe[2932] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\svchost.exe[2932] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[1012] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program 
Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] 
C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2808] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3132] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\wbem\wmiprvse.exe[3536] 
C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text 
C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 
00000000777104b0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 
bytes JMP 0000000077710420 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\wbem\wmiprvse.exe[3536] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3692] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077711465 2 bytes [71, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777114bb 2 bytes [71, 77] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4592] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[1520] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4792] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4792] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000000021465 2 bytes [02, 00] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4792] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000000214bb 2 bytes [02, 00] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4844] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 
bytes JMP 00000000777103c0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 
00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\windows\system32\SearchIndexer.exe[2112] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5328] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 
00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text 
C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\windows\System32\svchost.exe[5932] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 
0000000077710430 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\windows\System32\svchost.exe[5932] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3224] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100070470 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100070460 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000100070370 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100070480 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001000703e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100070320 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001000703b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100070390 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001000702e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] 
C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000100070440 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001000702d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100070310 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001000703c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001000703f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100070230 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffff88abe890} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100070490 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001000703a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001000702f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100070350 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100070290 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001000702b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001000703d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100070330 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88abe590} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100070410 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100070240 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001000701e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100070250 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88abe090} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000001000704b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100070300 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100070360 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001000702a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001000702c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100070380 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100070340 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100070450 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000100070260 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100070270 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000100070400 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001000701f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100070210 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000100070200 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 
00000000775b2ae0 5 bytes JMP 0000000100070420 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100070430 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100070220 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100070280 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7108] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program 
Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 
0000000077710300 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program 
Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2652] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4168] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710470 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710460 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000077710370 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710480 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000000777103e0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000077710320 .text 
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000000777103b0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000077710390 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000000777102e0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000077710440 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000000777102d0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000077710310 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000000777103c0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000000777103f0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000077710230 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0x15e890} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710490 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] 
C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000000777103a0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102f0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710350 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710290 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000000777102b0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000000777103d0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000077710330 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0x15e590} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000077710410 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710240 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101e0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000077710250 .text 
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0x15e090} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000000777104a0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000000777104b0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000077710300 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710360 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000000777102a0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000000777102c0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000077710380 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000077710340 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000077710450 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710260 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710270 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000077710400 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101f0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000077710210 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 0000000077710200 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000077710420 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000077710430 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000077710220 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000077710280 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6268] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2100] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\windows\system32\svchost.exe[6928] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000100070470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000100070460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775b1570 5 bytes JMP 0000000100070370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000100070480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775b15d0 5 bytes JMP 00000001000703e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 0000000100070320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775b16b0 5 bytes JMP 00000001000703b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775b16d0 5 bytes JMP 0000000100070390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 00000001000702e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775b1760 5 bytes JMP 0000000100070440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 00000001000702d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 0000000100070310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775b17f0 5 bytes JMP 00000001000703c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775b1840 5 bytes JMP 00000001000703f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 1 byte JMP 0000000100070230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000775b19a2 3 bytes {JMP 0xffffffff88abe890} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000100070490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775b1b90 5 bytes JMP 00000001000703a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000001000702f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000100070350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000100070290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 00000001000702b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775b1d90 5 bytes JMP 00000001000703d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 1 byte JMP 0000000100070330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000775b1da2 3 bytes {JMP 0xffffffff88abe590} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775b1e10 5 bytes JMP 0000000100070410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000100070240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000001000701e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 1 byte JMP 0000000100070250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000775b21c2 3 bytes {JMP 0xffffffff88abe090} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775b21f0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775b2200 5 bytes JMP 00000001000704b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 0000000100070300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000100070360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 00000001000702a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 00000001000702c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775b2320 5 bytes JMP 0000000100070380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 0000000100070340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775b2620 5 bytes JMP 0000000100070450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000100070260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000100070270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775b2840 5 bytes JMP 0000000100070400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000001000701f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775b2a10 5 bytes JMP 0000000100070210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 
00000000775b2a80 5 bytes JMP 0000000100070200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775b2ae0 5 bytes JMP 0000000100070420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775b2af0 5 bytes JMP 0000000100070430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 0000000100070220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775b2be0 5 bytes JMP 0000000100070280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4584] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6864] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6076] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[1736] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007749eecd 1 byte [62] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6140] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007775fb08 5 bytes JMP 0000000109e40594 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6140] C:\windows\syswow64\kernel32.dll!CreateEventW + 19 0000000075e11851 7 bytes JMP 0000000109e4020c .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6140] C:\windows\syswow64\kernel32.dll!CreateDirectoryW + 257 0000000075e14342 7 bytes JMP 0000000109e402ee .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6140] 
C:\windows\syswow64\kernel32.dll!LoadLibraryA + 81 0000000075e14a10 7 bytes JMP 0000000109e403d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6140] C:\windows\syswow64\kernel32.dll!VirtualFreeEx + 19 0000000075e2d9c3 7 bytes JMP 0000000109e40048 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6140] C:\windows\syswow64\kernel32.dll!ExpandEnvironmentStringsA + 92 0000000075e2eb7d 7 bytes JMP 0000000109e4012a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6140] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6140] C:\windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000075573e6b 5 bytes JMP 0000000109e404b2 .text C:\Users\Koń\Desktop\xqliwrq3.exe[5548] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075e3a30a 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\windows\system32\taskhost.exe [2368:2552] 000007fefc361f38 Thread C:\windows\system32\taskhost.exe [2368:2556] 000007fefa1e2740 Thread C:\windows\system32\taskhost.exe [2368:2564] 000007fefb391010 Thread C:\windows\system32\taskhost.exe [2368:5188] 000007fef7c55170 Thread C:\Program Files\Internet Explorer\iexplore.exe [1736:5396] 000007feead37810 Thread C:\Program Files\Internet Explorer\iexplore.exe [1736:1624] 000000005c158e00 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{8EF82CE1-79FF-4A56-981A-B342361310D1}\Connection@Name isatap.{0D9BCA54-6F7E-4214-AF4F-338B3584B79C} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{A07922B9-FB4E-41DC-835E-D562CD8227D5}\Connection@Name isatap.{6717D19E-066A-4C9F-8F84-A65BA1E11652} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind 
\Device\{5A5838AA-BBE9-4E57-ABAF-DCDBAFCDB291}?\Device\{A0B1315C-EE55-4AEE-A854-FECFAE09B8C7}?\Device\{A07922B9-FB4E-41DC-835E-D562CD8227D5}?\Device\{8EF82CE1-79FF-4A56-981A-B342361310D1}?\Device\{3BAFA211-E639-4196-AE19-8D722E641F5F}?\Device\{141E03B2-696A-41C0-86DE-2EB532E81A57}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{5A5838AA-BBE9-4E57-ABAF-DCDBAFCDB291}"?"{A0B1315C-EE55-4AEE-A854-FECFAE09B8C7}"?"{A07922B9-FB4E-41DC-835E-D562CD8227D5}"?"{8EF82CE1-79FF-4A56-981A-B342361310D1}"?"{3BAFA211-E639-4196-AE19-8D722E641F5F}"?"{141E03B2-696A-41C0-86DE-2EB532E81A57}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{5A5838AA-BBE9-4E57-ABAF-DCDBAFCDB291}?\Device\TCPIP6TUNNEL_{A0B1315C-EE55-4AEE-A854-FECFAE09B8C7}?\Device\TCPIP6TUNNEL_{A07922B9-FB4E-41DC-835E-D562CD8227D5}?\Device\TCPIP6TUNNEL_{8EF82CE1-79FF-4A56-981A-B342361310D1}?\Device\TCPIP6TUNNEL_{3BAFA211-E639-4196-AE19-8D722E641F5F}?\Device\TCPIP6TUNNEL_{141E03B2-696A-41C0-86DE-2EB532E81A57}? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 3 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 9 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 175632 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c48508012fd8 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c485085bef77 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{8EF82CE1-79FF-4A56-981A-B342361310D1}@InterfaceName isatap.{0D9BCA54-6F7E-4214-AF4F-338B3584B79C} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{8EF82CE1-79FF-4A56-981A-B342361310D1}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A07922B9-FB4E-41DC-835E-D562CD8227D5}@InterfaceName isatap.{6717D19E-066A-4C9F-8F84-A65BA1E11652} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A07922B9-FB4E-41DC-835E-D562CD8227D5}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-22-75-9f-1f-ac@ClientLocalPort 63879 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-22-75-9f-1f-ac@TeredoAddress 2001:0:5ef5:79fd:4cc:678:a469:20cf Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 4426 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2652 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 3 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 9 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 175632 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 3 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c48508012fd8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c485085bef77 (not active ControlSet) Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Ko\x2dd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UAFKGIUU\ComboFix.exe 1 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----