GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-14 21:25:36 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST320LT0 rev.0001 298,09GB Running: 4ooyhept.exe; Driver: C:\Users\Asia\AppData\Local\Temp\aftcqaog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002fa6000 52 bytes [FF, CC, 4C, 8B, 75, 67, 66, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 613 fffff80002fa6035 34 bytes {MOV RCX, RSI; CALL 0xffffffffff336edb} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 00000001499f0470 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 00000001499f0460 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 00000001499f0370 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 00000001499f0480 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000001499f03e0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 00000001499f0320 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000001499f03b0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 00000001499f0390 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000001499f02e0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 00000001499f0440 .text 
C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000001499f02d0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 00000001499f0310 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000001499f03c0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000001499f03f0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 00000001499f0230 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0xffffffffd2a4e890} .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 00000001499f0490 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000001499f03a0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000001499f02f0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 00000001499f0350 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 00000001499f0290 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000001499f02b0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000001499f03d0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 00000001499f0330 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 
bytes {JMP 0xffffffffd2a4e590} .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 00000001499f0410 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 00000001499f0240 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000001499f01e0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 00000001499f0250 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0xffffffffd2a4e090} .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000001499f04a0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000001499f04b0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 00000001499f0300 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 00000001499f0360 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000001499f02a0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000001499f02c0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 00000001499f0380 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 00000001499f0340 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 00000001499f0450 .text C:\Windows\system32\csrss.exe[632] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 00000001499f0260 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 00000001499f0270 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 00000001499f0400 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000001499f01f0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 00000001499f0210 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 00000001499f0200 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 00000001499f0420 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 00000001499f0430 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 00000001499f0220 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 00000001499f0280 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 
00000000771003e0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\wininit.exe[796] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 
0000000077100360 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\wininit.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\wininit.exe[796] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\wininit.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000100040470 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000100040460 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000100040370 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000100040480 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000100040320 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000100040390 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000100040440 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000100040310 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\csrss.exe[808] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000100040230 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0xffffffff8909e890} .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000100040490 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000100040350 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000100040290 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000100040330 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0xffffffff8909e590} .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000100040410 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000100040240 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000001000401e0 
.text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000100040250 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0xffffffff8909e090} .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000001000404b0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000100040300 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000100040360 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000100040380 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000100040340 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000100040450 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000100040260 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000100040270 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000100040400 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
0000000076fa2a00 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000100040210 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000100040200 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000100040420 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000100040430 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000100040220 .text C:\Windows\system32\csrss.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000100040280 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text 
C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\services.exe[852] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 
0000000077100380 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\services.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\services.exe[852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\lsass.exe[868] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\lsass.exe[868] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text 
C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes 
JMP 0000000077100420 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\lsass.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 
0000000077100310 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 
0000000077100240 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 
.text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\lsm.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\svchost.exe[988] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text 
C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\svchost.exe[988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 
0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\winlogon.exe[636] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 
bytes JMP 00000000771004a0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text 
C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\winlogon.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 
0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text 
C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 
0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\atiesrxx.exe[1052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text 
C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\System32\svchost.exe[1128] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 
bytes JMP 00000000771004b0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\System32\svchost.exe[1128] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 
00000000771002d0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[1160] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 
0000000077100260 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\System32\svchost.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\svchost.exe[1188] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes 
JMP 00000000771002f0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\svchost.exe[1188] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes 
JMP 0000000077100220 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\svchost.exe[1212] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 
bytes JMP 0000000077100240 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\svchost.exe[1212] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1300] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text 
C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\AUDIODG.EXE[1336] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes 
JMP 0000000077100220 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\AUDIODG.EXE[1336] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\svchost.exe[1432] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 
bytes JMP 0000000077100240 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\svchost.exe[1432] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\svchost.exe[1432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes 
JMP 0000000077100320 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\svchost.exe[1532] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 
00000000771002a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\svchost.exe[1532] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 
00000000771003f0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text 
C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\atieclxx.exe[1580] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\atieclxx.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 
0000000077100390 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes 
JMP 00000000771003d0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 
0000000077100340 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\Dwm.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes 
JMP 0000000077100480 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\Explorer.EXE[1776] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 
0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\Explorer.EXE[1776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text 
C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\System32\spoolsv.exe[1956] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte 
JMP 0000000077100250 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\System32\spoolsv.exe[1956] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\System32\spoolsv.exe[1956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 
bytes JMP 0000000077100390 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text 
C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\taskhost.exe[1972] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\taskhost.exe[1972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text 
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text 
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe[1368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Program 
Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Program Files\Windows Sidebar\sidebar.exe[2056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 
0000000077100480 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\svchost.exe[2196] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 
0000000077100300 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\svchost.exe[2196] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\svchost.exe[2196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2364] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text 
C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text 
C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[2448] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[2532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007714faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007714fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077150018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage 
Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007716c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077171217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075475181 5 bytes JMP 0000000100091014 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075475254 5 bytes JMP 0000000100090804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754753d5 5 bytes JMP 0000000100090a08 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754754c2 5 bytes JMP 0000000100090c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754755e2 5 bytes JMP 0000000100090e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007547567c 5 bytes JMP 00000001000901f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007547589f 5 bytes JMP 00000001000903fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075475a22 5 bytes JMP 0000000100090600 .text C:\Program Files 
(x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074d7ee09 5 bytes JMP 00000001000a01f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074d83982 5 bytes JMP 00000001000a03fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074d87603 5 bytes JMP 00000001000a0804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074d8835c 5 bytes JMP 00000001000a0600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3212] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074d9f52b 5 bytes JMP 00000001000a0a08 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f73ae0 5 bytes JMP 00000001001a075c .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f77a90 5 bytes JMP 00000001001a03a4 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076fa1490 5 bytes JMP 00000001001a0b14 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076fa14f0 5 bytes JMP 00000001001a0ecc .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\SearchIndexer.exe[3264] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000001001a163c .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076fa1810 5 bytes JMP 00000001001a1284 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text 
C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 
0x15e090} .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 00000001001a19f4 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 
5 bytes JMP 0000000077100210 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd206e00 5 bytes JMP 000007ff7d221dac .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd206f2c 5 bytes JMP 000007ff7d220ecc .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd207220 5 bytes JMP 000007ff7d221284 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd20739c 5 bytes JMP 000007ff7d22163c .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd207538 5 bytes JMP 000007ff7d2219f4 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd2075e8 5 bytes JMP 000007ff7d2203a4 .text C:\Windows\system32\SearchIndexer.exe[3264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd20790c 5 bytes JMP 000007ff7d22075c .text C:\Windows\system32\SearchIndexer.exe[3264] 
C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd207ab4 5 bytes JMP 000007ff7d220b14 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007714faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007714fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077150018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007716c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077171217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074d7ee09 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074d83982 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074d87603 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074d8835c 5 bytes JMP 0000000100110600 .text C:\Program Files 
(x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074d9f52b 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075475181 5 bytes JMP 0000000100121014 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075475254 5 bytes JMP 0000000100120804 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754753d5 5 bytes JMP 0000000100120a08 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754754c2 5 bytes JMP 0000000100120c0c .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754755e2 5 bytes JMP 0000000100120e10 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007547567c 5 bytes JMP 00000001001201f8 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007547589f 5 bytes JMP 00000001001203fc .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075475a22 5 bytes JMP 0000000100120600 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... 
* 2 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3356] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3356] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd206e00 5 bytes JMP 000007ff7d221dac .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd206f2c 5 bytes JMP 000007ff7d220ecc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd207220 5 bytes JMP 000007ff7d221284 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd20739c 5 bytes JMP 000007ff7d22163c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd207538 5 bytes JMP 000007ff7d2219f4 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3356] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd2075e8 5 bytes JMP 000007ff7d2203a4 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3356] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd20790c 5 bytes JMP 000007ff7d22075c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[3356] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd207ab4 5 bytes JMP 000007ff7d220b14 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007714faa0 5 bytes JMP 00000001001e0600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] 
C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007714fb38 5 bytes JMP 00000001001e0804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 00000001001e0c0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077150018 5 bytes JMP 00000001001e0a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 00000001001e0e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007716c45a 5 bytes JMP 00000001001e01f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077171217 5 bytes JMP 00000001001e03fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075475181 5 bytes JMP 00000001001f1014 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075475254 5 bytes JMP 00000001001f0804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754753d5 5 bytes JMP 00000001001f0a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754754c2 5 bytes JMP 00000001001f0c0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754755e2 5 bytes JMP 00000001001f0e10 .text 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007547567c 5 bytes JMP 00000001001f01f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007547589f 5 bytes JMP 00000001001f03fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075475a22 5 bytes JMP 00000001001f0600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074d7ee09 5 bytes JMP 00000001002001f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074d83982 5 bytes JMP 00000001002003fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074d87603 5 bytes JMP 0000000100200804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074d8835c 5 bytes JMP 0000000100200600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3420] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074d9f52b 5 bytes JMP 0000000100200a08 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007714faa0 5 bytes JMP 0000000100030600 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007714fb38 5 bytes JMP 0000000100030804 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077150018 5 
bytes JMP 0000000100030a08 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000100030e10 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007716c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077171217 5 bytes JMP 00000001000303fc .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074d7ee09 5 bytes JMP 00000001002401f8 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074d83982 5 bytes JMP 00000001002403fc .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074d87603 5 bytes JMP 0000000100240804 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074d8835c 5 bytes JMP 0000000100240600 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074d9f52b 5 bytes JMP 0000000100240a08 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075475181 5 bytes JMP 0000000100251014 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075475254 5 bytes JMP 0000000100250804 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754753d5 5 bytes JMP 0000000100250a08 .text C:\Program 
Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754754c2 5 bytes JMP 0000000100250c0c .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754755e2 5 bytes JMP 0000000100250e10 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007547567c 5 bytes JMP 00000001002501f8 .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007547589f 5 bytes JMP 00000001002503fc .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[3628] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075475a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007714faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007714fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077150018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007716c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077171217 5 bytes 
JMP 00000001000303fc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074d7ee09 5 bytes JMP 00000001002101f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074d83982 5 bytes JMP 00000001002103fc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074d87603 5 bytes JMP 0000000100210804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074d8835c 5 bytes JMP 0000000100210600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074d9f52b 5 bytes JMP 0000000100210a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075475181 5 bytes JMP 00000001002a1014 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075475254 5 bytes JMP 00000001002a0804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754753d5 5 bytes JMP 00000001002a0a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754754c2 5 bytes JMP 00000001002a0c0c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754755e2 5 bytes JMP 00000001002a0e10 .text C:\Program Files (x86)\Toshiba\Bluetooth 
Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007547567c 5 bytes JMP 00000001002a01f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007547589f 5 bytes JMP 00000001002a03fc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075475a22 5 bytes JMP 00000001002a0600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007714faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007714fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077150018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007716c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 
0000000077171217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074d7ee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074d83982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074d87603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074d8835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074d9f52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075475181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075475254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754753d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754754c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754755e2 5 bytes JMP 0000000100250e10 .text C:\Program 
Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007547567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007547589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075475a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f73ae0 5 bytes JMP 000000010045075c .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f77a90 5 bytes JMP 00000001004503a4 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076fa1490 5 bytes JMP 0000000100450b14 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076fa14f0 5 bytes JMP 0000000100450ecc .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 000000010045163c .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076fa1810 5 bytes JMP 0000000100451284 
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 00000001004519f4 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007714faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007714fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077150018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007716c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077171217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074d7ee09 5 bytes JMP 00000001002901f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074d83982 5 bytes JMP 00000001002903fc 
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074d87603 5 bytes JMP 0000000100290804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074d8835c 5 bytes JMP 0000000100290600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074d9f52b 5 bytes JMP 0000000100290a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075475181 5 bytes JMP 00000001002a1014 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075475254 5 bytes JMP 00000001002a0804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754753d5 5 bytes JMP 00000001002a0a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754754c2 5 bytes JMP 00000001002a0c0c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754755e2 5 bytes JMP 00000001002a0e10 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007547567c 5 bytes JMP 00000001002a01f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007547589f 5 bytes JMP 00000001002a03fc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3816] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075475a22 5 bytes JMP 00000001002a0600 .text C:\Windows\System32\svchost.exe[3820] 
C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f73ae0 3 bytes JMP 00000001001c075c .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 4 0000000076f73ae4 1 byte [89] .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f77a90 3 bytes JMP 00000001001c03a4 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 4 0000000076f77a94 1 byte [89] .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076fa1490 5 bytes JMP 00000001001c0b14 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076fa14f0 5 bytes JMP 00000001001c0ecc .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000001001c163c .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text 
C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076fa1810 5 bytes JMP 00000001001c1284 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\System32\svchost.exe[3820] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 
0000000077100380 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 00000001001c19f4 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd206e00 5 bytes JMP 000007ff7d221dac .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd206f2c 5 bytes JMP 000007ff7d220ecc .text 
C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd207220 5 bytes JMP 000007ff7d221284 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd20739c 5 bytes JMP 000007ff7d22163c .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd207538 5 bytes JMP 000007ff7d2219f4 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd2075e8 5 bytes JMP 000007ff7d2203a4 .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd20790c 5 bytes JMP 000007ff7d22075c .text C:\Windows\System32\svchost.exe[3820] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd207ab4 5 bytes JMP 000007ff7d220b14 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007714faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007714fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077150018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007716c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] 
C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077171217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074d7ee09 5 bytes JMP 00000001003801f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074d83982 5 bytes JMP 00000001003803fc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074d87603 5 bytes JMP 0000000100380804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074d8835c 5 bytes JMP 0000000100380600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074d9f52b 5 bytes JMP 0000000100380a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075475181 5 bytes JMP 0000000100391014 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075475254 5 bytes JMP 0000000100390804 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754753d5 5 bytes JMP 0000000100390a08 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754754c2 5 bytes JMP 0000000100390c0c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754755e2 5 bytes JMP 
0000000100390e10 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007547567c 5 bytes JMP 00000001003901f8 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007547589f 5 bytes JMP 00000001003903fc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075475a22 5 bytes JMP 0000000100390600 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f73ae0 5 bytes JMP 00000001003c075c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f77a90 5 bytes JMP 00000001003c03a4 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076fa1490 5 bytes JMP 00000001003c0b14 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076fa14f0 5 bytes JMP 00000001003c0ecc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000001003c163c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076fa1810 5 bytes JMP 00000001003c1284 .text 
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text 
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 00000001003c19f4 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd206e00 5 bytes JMP 000007ff7d221dac .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd206f2c 5 bytes JMP 000007ff7d220ecc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd207220 5 bytes JMP 000007ff7d221284 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd20739c 5 bytes JMP 000007ff7d22163c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd207538 5 bytes JMP 000007ff7d2219f4 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd2075e8 5 bytes JMP 000007ff7d2203a4 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd20790c 5 bytes JMP 000007ff7d22075c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2648] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd207ab4 5 bytes JMP 000007ff7d220b14 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f73ae0 5 bytes JMP 
00000001008e075c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f77a90 5 bytes JMP 00000001008e03a4 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076fa1490 5 bytes JMP 00000001008e0b14 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076fa14f0 5 bytes JMP 00000001008e0ecc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000001008e163c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Program Files (x86)\Toshiba\Bluetooth 
Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076fa1810 5 bytes JMP 00000001008e1284 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 
0x15e090} .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba 
Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 00000001008e19f4 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd206e00 5 bytes JMP 000007ff7d221dac .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd206f2c 5 bytes JMP 000007ff7d220ecc .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd207220 5 bytes JMP 000007ff7d221284 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd20739c 5 bytes JMP 000007ff7d22163c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd207538 5 bytes JMP 000007ff7d2219f4 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd2075e8 5 bytes JMP 000007ff7d2203a4 .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd20790c 5 bytes JMP 000007ff7d22075c .text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[4336] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd207ab4 5 bytes JMP 000007ff7d220b14 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007714faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007714fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077150018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid 
Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007716c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077171217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075475181 5 bytes JMP 0000000100101014 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075475254 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754753d5 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754754c2 5 bytes JMP 0000000100100c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754755e2 5 bytes JMP 0000000100100e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007547567c 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007547589f 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\SysWOW64\sechost.dll!DeleteService 
0000000075475a22 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074d7ee09 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074d83982 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074d87603 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074d8835c 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3308] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074d9f52b 5 bytes JMP 0000000100110a08 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f73ae0 5 bytes JMP 00000001001b075c .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f77a90 5 bytes JMP 00000001001b03a4 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076fa1490 5 bytes JMP 00000001001b0b14 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076fa14f0 5 bytes JMP 00000001001b0ecc .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text 
C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000001001b163c .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076fa1810 5 bytes JMP 00000001001b1284 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[4596] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 
bytes JMP 00000000771004a0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 00000001001b19f4 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000077100200 .text 
C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd206e00 5 bytes JMP 000007ff7d221dac .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd206f2c 5 bytes JMP 000007ff7d220ecc .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd207220 5 bytes JMP 000007ff7d221284 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd20739c 5 bytes JMP 000007ff7d22163c .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd207538 5 bytes JMP 000007ff7d2219f4 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd2075e8 5 bytes JMP 000007ff7d2203a4 .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd20790c 5 bytes JMP 000007ff7d22075c .text C:\Windows\System32\svchost.exe[4596] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd207ab4 5 bytes JMP 000007ff7d220b14 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000077100470 .text C:\Windows\system32\taskeng.exe[4772] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000077100460 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000077100370 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000077100480 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000000771003e0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000077100320 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000000771003b0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000077100390 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000000771002e0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000077100440 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000000771002d0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000077100310 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000000771003c0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000000771003f0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000077100230 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0x15e890} 
.text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000077100490 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000000771003a0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000000771002f0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000077100350 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000077100290 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000000771002b0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000000771003d0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 0000000077100330 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000077100410 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000077100240 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000000771001e0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000077100250 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\taskeng.exe[4772] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000000771004a0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000000771004b0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000077100300 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000077100360 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000000771002a0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000000771002c0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000077100380 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000077100340 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000077100450 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000077100260 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000077100270 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000077100400 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000000771001f0 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000077100210 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 
bytes JMP 0000000077100200 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000077100420 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000077100430 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000077100220 .text C:\Windows\system32\taskeng.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000077100280 .text C:\Users\Asia\Desktop\OTL\4ooyhept.exe[2852] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fa13c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fa1410 5 bytes JMP 0000000100070460 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fa15c0 5 bytes JMP 0000000100070480 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fa1710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\taskeng.exe[912] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 5 bytes JMP 0000000100070440 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fa1790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fa1840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fa19a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076fa19a2 3 bytes {JMP 0xffffffff890ce890} .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fa1b60 5 bytes JMP 0000000100070490 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fa1b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fa1c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fa1c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fa1d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fa1da0 1 byte JMP 
0000000100070330 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076fa1da2 3 bytes {JMP 0xffffffff890ce590} .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fa1e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fa1e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fa21c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076fa21c2 3 bytes {JMP 0xffffffff890ce090} .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fa21f0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fa2200 5 bytes JMP 00000001000704b0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fa2230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fa2240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fa22a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fa22f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fa2320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fa2330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\taskeng.exe[912] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fa2620 5 bytes JMP 0000000100070450 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fa2820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fa2830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fa2a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fa2a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fa2ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fa2af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\taskeng.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 5 bytes JMP 0000000100070280 .text C:\Users\Asia\Desktop\OTL\4ooyhept.exe[816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f9a30a 1 byte [62] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Description avast! keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Tag 7 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 35 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 108008 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! 
VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00037a978f28 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF8 0x8D 0xEE 0x68 ... 
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Description avast! keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Tag 7 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? 
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 35 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 108008 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! 
Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00037a978f28 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF8 0x8D 0xEE 0x68 ... ---- EOF - GMER 2.1 ----