GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-14 16:06:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0006 465,76GB Running: 0n0bpkju.exe; Driver: C:\Users\Studion\AppData\Local\Temp\pwdiquow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031ef000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031ef02f 16 bytes [00, 04, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\services.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\System32\svchost.exe[120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[344] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\svchost.exe[528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\system32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\svchost.exe[556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\Explorer.EXE[1736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\Explorer.EXE[1736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\WLANExt.exe[1860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\System32\spoolsv.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\taskhost.exe[1360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\svchost.exe[2584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3348] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\system32\wbem\wmiprvse.exe[3416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4080] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077578769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4080] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007759a2ba 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[3388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Windows\System32\svchost.exe[5452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6344] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007759a2ba 1 byte [62] .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778e1360 5 bytes JMP 0000000077a40460 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778e13b0 5 bytes JMP 0000000077a40450 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778e1510 5 bytes JMP 0000000077a40370 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778e1560 5 bytes JMP 0000000077a40470 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778e1570 5 bytes JMP 0000000077a403e0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778e1620 5 bytes JMP 0000000077a40320 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778e1650 5 bytes JMP 0000000077a403b0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778e1670 5 bytes JMP 0000000077a40390 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778e16b0 5 bytes JMP 0000000077a402e0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778e1730 5 bytes JMP 0000000077a402d0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778e1750 5 bytes JMP 0000000077a40310 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778e1790 5 bytes JMP 0000000077a403c0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778e17e0 5 bytes JMP 0000000077a403f0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778e1940 5 bytes JMP 0000000077a40230 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778e1b00 5 bytes JMP 0000000077a40480 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778e1b30 5 bytes JMP 0000000077a403a0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778e1c10 5 bytes JMP 0000000077a402f0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778e1c20 5 bytes JMP 0000000077a40350 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778e1c80 5 bytes JMP 0000000077a40290 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778e1d10 5 bytes JMP 0000000077a402b0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778e1d30 5 bytes JMP 0000000077a403d0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778e1d40 5 bytes JMP 0000000077a40330 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778e1db0 5 bytes JMP 0000000077a40410 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778e1de0 5 bytes JMP 0000000077a40240 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778e20a0 5 bytes JMP 0000000077a401e0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778e2160 5 bytes JMP 0000000077a40250 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778e2190 5 bytes JMP 0000000077a40490 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778e21a0 5 bytes JMP 0000000077a404a0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778e21d0 5 bytes JMP 0000000077a40300 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778e21e0 5 bytes JMP 0000000077a40360 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778e2240 5 bytes JMP 0000000077a402a0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778e2290 5 bytes JMP 0000000077a402c0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778e22c0 5 bytes JMP 0000000077a40380 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778e22d0 5 bytes JMP 0000000077a40340 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778e25c0 5 bytes JMP 0000000077a40440 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778e27c0 5 bytes JMP 0000000077a40260 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778e27d0 5 bytes JMP 0000000077a40270 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778e27e0 5 bytes JMP 0000000077a40400 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778e29a0 5 bytes JMP 0000000077a401f0 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778e29b0 5 bytes JMP 0000000077a40210 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778e2a20 5 bytes JMP 0000000077a40200 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778e2a80 5 bytes JMP 0000000077a40420 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778e2a90 5 bytes JMP 0000000077a40430 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778e2aa0 5 bytes JMP 0000000077a40220 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778e2b80 5 bytes JMP 0000000077a40280 .text C:\Program Files\Speccy\Speccy64.exe[6320] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[1760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007759a2ba 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[7740] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 00000000776ceecd 1 byte [62] .text C:\Users\Studion\Desktop\0n0bpkju.exe[5784] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007759a2ba 1 byte [62] ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1736] (GG drive overlay/GG Network S.A.)(2013-06-16 16:59:36) 000000005c080000 Library C:\Users\Studion\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1736] (GG drive menu/GG Network S.A.) 000000005ff80000 Library C:\Users\Studion\AppData\Local\Temp\speccycpuid.dll (*** suspicious ***) @ C:\Program Files\Speccy\Speccy64.exe [6320] (CPUID DLL SDK/CPUID)(2 0000000180000000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{1573FAC6-438A-435C-8854-40A788E1DD03}\Connection@Name isatap.{8A8A6B1D-A64A-4D30-8A2C-307CBAE00D4E} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{FF982510-692A-4375-BDCC-F3B8AB8B04C3}?\Device\{8B89D37F-142B-4076-B03C-9803384F652A}?\Device\{1573FAC6-438A-435C-8854-40A788E1DD03}?\Device\{6F6C130A-2A91-4072-91FF-88D173D6527D}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{FF982510-692A-4375-BDCC-F3B8AB8B04C3}"?"{8B89D37F-142B-4076-B03C-9803384F652A}"?"{1573FAC6-438A-435C-8854-40A788E1DD03}"?"{6F6C130A-2A91-4072-91FF-88D173D6527D}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{FF982510-692A-4375-BDCC-F3B8AB8B04C3}?\Device\TCPIP6TUNNEL_{8B89D37F-142B-4076-B03C-9803384F652A}?\Device\TCPIP6TUNNEL_{1573FAC6-438A-435C-8854-40A788E1DD03}?\Device\TCPIP6TUNNEL_{6F6C130A-2A91-4072-91FF-88D173D6527D}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737cef0e4 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1573FAC6-438A-435C-8854-40A788E1DD03}@InterfaceName isatap.{8A8A6B1D-A64A-4D30-8A2C-307CBAE00D4E} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1573FAC6-438A-435C-8854-40A788E1DD03}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x12 0x16 0xB5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0xC7 0xE8 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7F 0xD4 0xA6 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC0 0x81 0x71 0x41 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737cef0e4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x12 0x16 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0xC7 0xE8 0x0A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7F 0xD4 0xA6 0x76 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC0 0x81 0x71 0x41 ... ---- EOF - GMER 2.1 ----