GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-12-17 14:53:34 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0004 298,09GB Running: d8jc4rnm.exe; Driver: C:\Users\Madzia\AppData\Local\Temp\pwdiapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000149830460 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000149830450 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000149830370 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000149830470 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 00000001498303e0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000149830320 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 00000001498303b0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000149830390 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 00000001498302e0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 00000001498302d0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000149830310 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 00000001498303c0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 00000001498303f0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000149830230 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000149830480 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 00000001498303a0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 00000001498302f0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000149830350 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000149830290 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 00000001498302b0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 00000001498303d0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000149830330 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000149830410 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000149830240 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 00000001498301e0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000149830250 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000149830490 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 00000001498304a0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000149830300 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000149830360 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 00000001498302a0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 00000001498302c0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000149830380 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000149830340 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000149830440 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000149830260 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000149830270 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000149830400 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 00000001498301f0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000149830210 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000149830200 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000149830420 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000149830430 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000149830220 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000149830280 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\wininit.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\wininit.exe[576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\services.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\winlogon.exe[744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\svchost.exe[824] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\System32\svchost.exe[348] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\svchost.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\svchost.exe[780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1104] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\System32\svchost.exe[1236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\nvvsvc.exe[1372] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\WLANExt.exe[1404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\System32\spoolsv.exe[1608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1948] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2188] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076941465 2 bytes [94, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2188] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000769414bb 2 bytes [94, 76] .text ... * 2 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2444] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076941465 2 bytes [94, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769414bb 2 bytes [94, 76] .text ... * 2 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Program Files\Sony\VAIO Power Management\SPMService.exe[2496] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\System32\svchost.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2604] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Windows\SysWOW64\DllHost.exe[2984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076941465 2 bytes [94, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769414bb 2 bytes [94, 76] .text ... * 2 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\taskhost.exe[3184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\Dwm.exe[3404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\Explorer.EXE[3440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\Explorer.EXE[3440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Program Files\Windows Sidebar\sidebar.exe[492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\System32\StikyNot.exe[3724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[1704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4044] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Program Files (x86)\Winamp\winampa.exe[4032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Program Files (x86)\Creative\Sound Blaster Play\Volume Panel\VolPanlu.exe[1128] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3912] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4124] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e51360 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e513b0 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51510 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e51560 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e51570 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51620 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e51650 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e51670 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e516b0 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51730 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e51750 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e51790 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e517e0 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e51940 5 bytes JMP 0000000076fb0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b00 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b30 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c10 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c20 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51c80 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d10 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d30 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51d40 5 bytes JMP 0000000076fb0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51db0 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51de0 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e520a0 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e52160 5 bytes JMP 0000000076fb0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e52190 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e521a0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e521d0 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e521e0 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e52240 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e52290 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e522c0 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e522d0 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e525c0 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e527c0 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e527d0 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e527e0 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e529a0 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e529b0 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a20 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52a80 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52a90 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52aa0 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52b80 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\wbem\wmiprvse.exe[3964] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[4876] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] .text C:\Users\Madzia\Downloads\d8jc4rnm.exe[5712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007661a2ba 1 byte [62] ---- Services - GMER 2.1 ---- Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswRdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!! Service C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!! ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 4 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 77 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 3443985 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382402187 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382402187@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382402187@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382402187@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382402187@CreationTime 0xD6 0xC4 0xC2 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382402187@SetupOperations MoveFile("\??\c:\program files\alwil software\avast5\ashwebsv.dll.1382402187","\??\c:\program files\alwil software\avast5\ashwebsv.dll",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\ashwebsv.dll.sum.1382402187","\??\c:\program files\alwil software\avast5\ashwebsv.dll.sum",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\avastui.exe.1382402187","\??\c:\program files\alwil software\avast5\avastui.exe",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\avastui.exe.sum.1382402187","\??\c:\program files\alwil software\avast5\avastui.exe.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382402187@StartBootCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382402187@StartTickCounter 71680 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383939136 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383939136@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383939136@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383939136@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383939136@CreationTime 0x0A 0x3E 0xC8 0x3B ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383939136@SetupOperations DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\x64\aswsp.sys.1383939136")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1383939136")?DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\x64\aswsp.sys.sum.1383939136")?DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\aswsp.inf.1383939136")?DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\aswsp.inf.sum.1383939136")?DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\aswsp.cat.1383939136")?DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\aswsp.cat.sum.1383939136")? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383939136@StartBootCounter 28 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383939136@StartTickCounter 985960 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383939136@LastPackageError -1073741772 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273016 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273016@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273016@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273016@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273016@CreationTime 0x3E 0xCE 0x6E 0x87 ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273016@SetupOperations MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.1387273016","\??\c:\program files\alwil software\avast5\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.sum.1387273016","\??\c:\program files\alwil software\avast5\setup\instup.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273016@StartBootCounter 75 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273016@StartTickCounter 3441458 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 12 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje os?ony dzia?aj?ce w czasie rzeczywistym, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024337515e6 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00243388de53 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@60d0a9564a5a 0x3A 0xE2 0x46 0xFB ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@001a6bee8b96 0x8E 0x7B 0x7F 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@002567d495cf 0x84 0xCA 0xE4 0xF4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@945103fb917c 0x8C 0x91 0x2C 0xE7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@58c38be58201 0x74 0xA8 0x19 0xBC ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@78471d495d8c 0x41 0xFC 0x81 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@30392645ef84 0x67 0x84 0x31 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@4c809302b0f1 0x36 0xB7 0xE5 0x7D ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264370ad09@e440e218b195 0x19 0xAC 0x06 0xF3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6B 0x6F 0xDB 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA5 0x47 0xD8 0x10 ... Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description Avast! Mini-filter Driver Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 4 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 77 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 3443985 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382402187 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382402187@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382402187@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382402187@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382402187@CreationTime 0xD6 0xC4 0xC2 0xBE ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382402187@SetupOperations MoveFile("\??\c:\program files\alwil software\avast5\ashwebsv.dll.1382402187","\??\c:\program files\alwil software\avast5\ashwebsv.dll",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\ashwebsv.dll.sum.1382402187","\??\c:\program files\alwil software\avast5\ashwebsv.dll.sum",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\avastui.exe.1382402187","\??\c:\program files\alwil software\avast5\avastui.exe",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\avastui.exe.sum.1382402187","\??\c:\program files\alwil software\avast5\avastui.exe.sum",TRUE)? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382402187@StartBootCounter 2 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382402187@StartTickCounter 71680 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383939136 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383939136@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383939136@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383939136@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383939136@CreationTime 0x0A 0x3E 0xC8 0x3B ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383939136@SetupOperations DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\x64\aswsp.sys.1383939136")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1383939136")?DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\x64\aswsp.sys.sum.1383939136")?DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\aswsp.inf.1383939136")?DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\aswsp.inf.sum.1383939136")?DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\aswsp.cat.1383939136")?DeleteFile("\??\c:\program files\alwil software\avast5\setup\inf\aswsp.cat.sum.1383939136")? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383939136@StartBootCounter 28 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383939136@StartTickCounter 985960 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383939136@LastPackageError -1073741772 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273016 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273016@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273016@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273016@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273016@CreationTime 0x3E 0xCE 0x6E 0x87 ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273016@SetupOperations MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.1387273016","\??\c:\program files\alwil software\avast5\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.sum.1387273016","\??\c:\program files\alwil software\avast5\setup\instup.dll.sum",TRUE)? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273016@StartBootCounter 75 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273016@StartTickCounter 3441458 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 12 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje os?ony dzia?aj?ce w czasie rzeczywistym, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024337515e6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00243388de53 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@60d0a9564a5a 0x3A 0xE2 0x46 0xFB ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@001a6bee8b96 0x8E 0x7B 0x7F 0x58 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@002567d495cf 0x84 0xCA 0xE4 0xF4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@945103fb917c 0x8C 0x91 0x2C 0xE7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@58c38be58201 0x74 0xA8 0x19 0xBC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@78471d495d8c 0x41 0xFC 0x81 0x56 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@30392645ef84 0x67 0x84 0x31 0xDE ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@4c809302b0f1 0x36 0xB7 0xE5 0x7D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264370ad09@e440e218b195 0x19 0xAC 0x06 0xF3 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6B 0x6F 0xDB 0x43 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA5 0x47 0xD8 0x10 ... ---- EOF - GMER 2.1 ----