GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-21 14:10:14 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13 298,09GB Running: mp0nx79b.exe; Driver: C:\Users\Gerard\AppData\Local\Temp\ugrdrpoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003008000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 582 fffff80003008036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 00000001498f0460 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 00000001498f0450 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 00000001498f0370 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 00000001498f0470 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000001498f03e0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 00000001498f0320 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000001498f03b0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 00000001498f0390 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000001498f02e0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000001498f02d0 .text 
C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 00000001498f0310 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000001498f03c0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000001498f03f0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 00000001498f0230 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 00000001498f0480 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000001498f03a0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000001498f02f0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 00000001498f0350 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 00000001498f0290 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000001498f02b0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000001498f03d0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 00000001498f0330 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 00000001498f0410 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 00000001498f0240 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes 
JMP 00000001498f01e0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 00000001498f0250 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 00000001498f0490 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000001498f04a0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 00000001498f0300 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 00000001498f0360 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000001498f02a0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000001498f02c0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 00000001498f0380 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 00000001498f0340 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 00000001498f0440 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 00000001498f0260 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 00000001498f0270 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001498f0400 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000001498f01f0 .text C:\Windows\system32\csrss.exe[412] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 00000001498f0210 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 00000001498f0200 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 00000001498f0420 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 00000001498f0430 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 00000001498f0220 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 00000001498f0280 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 
.text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\wininit.exe[488] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 
.text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\wininit.exe[488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 00000001498f0460 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 00000001498f0450 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 00000001498f0370 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 00000001498f0470 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000001498f03e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 00000001498f0320 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 
0000000077101650 5 bytes JMP 00000001498f03b0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 00000001498f0390 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000001498f02e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000001498f02d0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 00000001498f0310 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000001498f03c0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000001498f03f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 00000001498f0230 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 00000001498f0480 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000001498f03a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000001498f02f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 00000001498f0350 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 00000001498f0290 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000001498f02b0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000001498f03d0 .text C:\Windows\system32\csrss.exe[500] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 00000001498f0330 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 00000001498f0410 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 00000001498f0240 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000001498f01e0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 00000001498f0250 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 00000001498f0490 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000001498f04a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 00000001498f0300 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 00000001498f0360 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000001498f02a0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000001498f02c0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 00000001498f0380 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 00000001498f0340 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 00000001498f0440 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 00000001498f0260 .text 
C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 00000001498f0270 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001498f0400 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000001498f01f0 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 00000001498f0210 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 00000001498f0200 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 00000001498f0420 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 00000001498f0430 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 00000001498f0220 .text C:\Windows\system32\csrss.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 00000001498f0280 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 
0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text 
C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\services.exe[548] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\services.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\services.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes 
JMP 0000000077260370 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text 
C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\winlogon.exe[572] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\winlogon.exe[572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 
byte [62] .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 
5 bytes JMP 0000000077260480 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\lsass.exe[584] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text 
C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000100070230 .text 
C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 
0000000100070300 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 
0000000100070220 .text C:\Windows\system32\lsm.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\svchost.exe[700] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 
5 bytes JMP 00000000772604a0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\svchost.exe[700] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 
.text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\svchost.exe[800] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 
0000000077260200 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\atiesrxx.exe[852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\System32\svchost.exe[928] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 
0000000077260240 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\System32\svchost.exe[928] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes 
JMP 0000000077260390 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\System32\svchost.exe[960] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 
0000000077260270 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\System32\svchost.exe[960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\svchost.exe[992] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 
00000000772602b0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\svchost.exe[992] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 
bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000100070350 .text 
C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1016] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe[428] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 
0000000077260230 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text 
C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\atieclxx.exe[1240] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\atieclxx.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 
00000001000703c0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1276] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 
bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\WLANExt.exe[1388] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 
5 bytes JMP 0000000100070240 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\WLANExt.exe[1388] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\WLANExt.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text 
C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\System32\spoolsv.exe[1568] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\System32\spoolsv.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 
0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text 
C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\svchost.exe[1676] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe[1772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ef1465 2 bytes [EF, 74] .text 
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ef14bb 2 bytes [EF, 74] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073211a22 2 bytes [21, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073211ad0 2 bytes [21, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073211b08 2 bytes [21, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073211bba 2 bytes [21, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073211bda 2 bytes [21, 73] .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[1972] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe[2020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\svchost.exe[1184] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 
bytes JMP 00000000772602b0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\svchost.exe[1184] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 
0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text 
C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\taskhost.exe[2236] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 
bytes JMP 0000000077260460 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 
0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\Dwm.exe[2340] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\Dwm.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\Explorer.EXE[2392] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000000772603e0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\Explorer.EXE[2392] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\Explorer.EXE[2392] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 0000000077260400 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\Explorer.EXE[2392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 
0000000076feef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770d3b10 5 bytes JMP 000000010017075c .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770d7ac0 5 bytes JMP 00000001001703a4 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077101430 5 bytes JMP 0000000100170b14 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077101490 5 bytes JMP 0000000100170ecc .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 000000010017163c .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\svchost.exe[2456] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771017b0 5 bytes JMP 0000000100171284 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 
0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001001719f4 .text 
C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text 
C:\Windows\system32\svchost.exe[2456] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770d3b10 5 bytes JMP 000000010034075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770d7ac0 5 bytes JMP 00000001003403a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077101430 5 bytes JMP 0000000100340b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077101490 5 bytes JMP 0000000100340ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 000000010034163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771017b0 5 bytes JMP 0000000100341284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001003419f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Program Files\IDT\WDM\sttray64.exe[664] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Program Files\IDT\WDM\sttray64.exe[664] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Program Files\IDT\WDM\sttray64.exe[664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Program Files\IDT\WDM\sttray64.exe[664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Program Files\IDT\WDM\sttray64.exe[664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Program 
Files\IDT\WDM\sttray64.exe[664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Program Files\IDT\WDM\sttray64.exe[664] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Program Files\IDT\WDM\sttray64.exe[664] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Program Files\IDT\WDM\sttray64.exe[664] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770d3b10 5 bytes JMP 000000010033075c .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770d7ac0 5 bytes JMP 00000001003303a4 .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077101430 5 bytes JMP 0000000100330b14 .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077101490 5 bytes JMP 0000000100330ecc .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 000000010033163c .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771017b0 5 bytes JMP 0000000100331284 .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001003319f4 .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Program Files\Java\jre6\bin\jusched.exe[1704] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[368] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[368] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[368] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[368] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[368] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[368] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 
5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[368] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[368] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files 
(x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100261014 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100260804 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100260a08 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100260c0c .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100260e10 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001002601f8 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001002603fc 
.text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[324] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100260600 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100250804 .text C:\Program Files 
(x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100261014 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100260804 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100260a08 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100260c0c .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100260e10 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001002601f8 .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001002603fc .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[3076] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100260600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3180] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3180] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Program 
Files\Synaptics\SynTP\SynTPHelper.exe[3180] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3180] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3180] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3180] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3180] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3180] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770d3b10 5 bytes JMP 000000010038075c .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770d7ac0 5 bytes JMP 00000001003803a4 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077101430 5 bytes JMP 0000000100380b14 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077101490 5 bytes JMP 0000000100380ecc .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\SearchIndexer.exe[3228] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 000000010038163c .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771017b0 5 bytes JMP 0000000100381284 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text 
C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 
0000000077260360 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001003819f4 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 
bytes JMP 0000000077260220 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Windows\system32\SearchIndexer.exe[3228] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 
0000000100030a08 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002301f8 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002303fc .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100230804 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100230600 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100230a08 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100241014 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100240804 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100240a08 .text 
C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100240c0c .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100240e10 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001002401f8 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001002403fc .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100240600 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ef1465 2 bytes [EF, 74] .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ef14bb 2 bytes [EF, 74] .text ... 
* 2 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100101014 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100100c0c .text C:\Program Files (x86)\Unified 
Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100100e10 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002601f8 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002603fc .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100260804 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100260600 .text C:\Program Files (x86)\Unified Remote\RemoteServer.exe[3348] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100260a08 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770d3b10 5 bytes JMP 000000010040075c .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770d7ac0 5 bytes JMP 00000001004003a4 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Program Files\HP\HP Deskjet 
3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077101430 5 bytes JMP 0000000100400b14 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077101490 5 bytes JMP 0000000100400ecc .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 000000010040163c .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text 
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771017b0 5 bytes JMP 0000000100401284 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 
0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001004019f4 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Program Files\HP\HP Deskjet 3050 J610 
series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 
000007ff7f2e075c .text C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3424] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002301f8 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002303fc .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100230804 .text 
C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100230600 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100230a08 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100241014 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100240804 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100240a08 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100240c0c .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100240e10 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001002401f8 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001002403fc .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100240600 .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ef1465 2 bytes [EF, 74] .text C:\Users\Gerard\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ef14bb 2 bytes [EF, 74] .text ... 
* 2 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\syswow64\user32.DLL!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\syswow64\user32.DLL!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\syswow64\user32.DLL!UnhookWindowsHookEx 000000007666f52b 5 
bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 00000001002d1014 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 00000001002d0804 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 00000001002d0a08 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 00000001002d0c0c .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 00000001002d0e10 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001002d01f8 .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001002d03fc .text C:\Program Files (x86)\Hp\QuickPlay\QPService.exe[3892] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 00000001002d0600 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 
00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 00000001001d1014 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 00000001001d0804 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 00000001001d0a08 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 00000001001d0c0c .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 00000001001d0e10 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001001d01f8 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 
000000007623589f 5 bytes JMP 00000001001d03fc .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 00000001001d0600 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001001e01f8 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001001e03fc .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 00000001001e0804 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 00000001001e0600 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3968] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 00000001001e0a08 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 
0000000100030e10 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 00000001001d1014 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 00000001001d0804 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 00000001001d0a08 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 00000001001d0c0c .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 00000001001d0e10 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001001d01f8 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001001d03fc .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 00000001001d0600 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] 
C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001001e01f8 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001001e03fc .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 00000001001e0804 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 00000001001e0600 .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[4036] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 00000001001e0a08 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files 
(x86)\Winamp\winampa.exe[3164] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001001801f8 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001001803fc .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100180804 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100180600 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100180a08 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100191014 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100190804 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100190a08 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100190c0c .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100190e10 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001001901f8 .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001001903fc .text C:\Program Files (x86)\Winamp\winampa.exe[3164] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100190600 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless 
Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770d3b10 5 bytes JMP 000000010017075c .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770d7ac0 5 bytes JMP 00000001001703a4 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077101430 5 bytes JMP 0000000100170b14 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077101490 5 bytes JMP 0000000100170ecc .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 000000010017163c .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless 
Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771017b0 5 bytes JMP 0000000100171284 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless 
Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless 
Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001001719f4 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Hp\HP Software 
Update\hpwuschd2.exe[3144] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Hp\HP 
Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[3144] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 00000001001e1014 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 
00000001001e0804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 00000001001e0a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 00000001001e0c0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 00000001001e0e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001001e01f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001001e03fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 00000001001e0600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002001f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002003fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100200804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100200600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3404] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100200a08 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3748] 
C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3748] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3748] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3748] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3748] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3748] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3748] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3748] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\PC Connectivity 
Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[2448] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes 
JMP 0000000100030e10 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 
00000001002501f8 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ef1465 2 bytes [EF, 74] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[1236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ef14bb 2 bytes [EF, 74] .text ... 
* 2 .text C:\Windows\system32\wbem\wmiprvse.exe[4336] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Windows\system32\wbem\wmiprvse.exe[4336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Windows\system32\wbem\wmiprvse.exe[4336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Windows\system32\wbem\wmiprvse.exe[4336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Windows\system32\wbem\wmiprvse.exe[4336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Windows\system32\wbem\wmiprvse.exe[4336] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Windows\system32\wbem\wmiprvse.exe[4336] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Windows\system32\wbem\wmiprvse.exe[4336] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch 
Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001002403fc .text C:\Program Files 
(x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4732] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100250a08 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770d3b10 5 bytes JMP 000000010021075c .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770d7ac0 5 bytes JMP 00000001002103a4 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077101430 5 bytes JMP 0000000100210b14 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077101490 5 bytes JMP 0000000100210ecc .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 
bytes JMP 0000000077260370 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 000000010021163c .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771017b0 5 bytes JMP 0000000100211284 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\System32\svchost.exe[508] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 
00000000772602a0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001002119f4 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\System32\svchost.exe[508] 
C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Windows\System32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770d3b10 5 bytes JMP 000000010021075c .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770d7ac0 5 bytes JMP 00000001002103a4 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077101430 5 bytes JMP 0000000100210b14 .text 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077101490 5 bytes JMP 0000000100210ecc .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 000000010021163c .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771017b0 5 bytes JMP 0000000100211284 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001002119f4 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2272] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files 
(x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001001d01f8 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001001d03fc .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 00000001001d0804 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 00000001001d0600 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 00000001001d0a08 .text C:\Program Files 
(x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 00000001001e1014 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 00000001001e0804 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 00000001001e0a08 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 00000001001e0c0c .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 00000001001e0e10 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001001e01f8 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001001e03fc .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe[4376] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 00000001001e0600 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770d3b10 5 bytes JMP 000000010026075c .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770d7ac0 5 bytes JMP 00000001002603a4 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077101430 5 bytes JMP 0000000100260b14 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077101490 5 bytes JMP 0000000100260ecc .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 000000010026163c .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771017b0 5 bytes JMP 0000000100261284 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Program Files 
(x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text 
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001002619f4 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 
0000000077260420 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076feef8d 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 
000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5364] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Windows\System32\svchost.exe[5356] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Windows\System32\svchost.exe[5356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Windows\System32\svchost.exe[5356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Windows\System32\svchost.exe[5356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Windows\System32\svchost.exe[5356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Windows\System32\svchost.exe[5356] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Windows\System32\svchost.exe[5356] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Windows\System32\svchost.exe[5356] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] 
C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001002503fc .text 
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002601f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes JMP 00000001002603fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100260804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100260600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5352] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100260a08 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770d3b10 5 bytes JMP 000000010027075c .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770d7ac0 5 bytes JMP 00000001002703a4 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077101430 5 bytes JMP 0000000100270b14 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077101490 5 bytes JMP 0000000100270ecc .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text 
C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 000000010027163c .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771017b0 5 bytes JMP 0000000100271284 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\wuauclt.exe[5852] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 
bytes JMP 00000000772602a0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001002719f4 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\wuauclt.exe[5852] 
C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Windows\system32\wuauclt.exe[5852] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770d3b10 5 bytes JMP 00000001002c075c .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000770d7ac0 5 bytes JMP 00000001002c03a4 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077101360 5 bytes JMP 0000000077260460 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771013b0 5 bytes JMP 0000000077260450 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077101430 5 bytes JMP 00000001002c0b14 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077101490 5 bytes JMP 00000001002c0ecc .text C:\Windows\system32\taskhost.exe[5936] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077101510 5 bytes JMP 0000000077260370 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077101560 5 bytes JMP 0000000077260470 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077101570 5 bytes JMP 00000001002c163c .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077101620 5 bytes JMP 0000000077260320 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 5 bytes JMP 00000000772603b0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077101670 5 bytes JMP 0000000077260390 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771016b0 5 bytes JMP 00000000772602e0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077101730 5 bytes JMP 00000000772602d0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077101750 5 bytes JMP 0000000077260310 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077101790 5 bytes JMP 00000000772603c0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771017b0 5 bytes JMP 00000001002c1284 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771017e0 5 bytes JMP 00000000772603f0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077101940 5 bytes JMP 0000000077260230 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077101b00 5 bytes JMP 0000000077260480 .text C:\Windows\system32\taskhost.exe[5936] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077101b30 5 bytes JMP 00000000772603a0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077101c10 5 bytes JMP 00000000772602f0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077101c20 5 bytes JMP 0000000077260350 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077101c80 5 bytes JMP 0000000077260290 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077101d10 5 bytes JMP 00000000772602b0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 5 bytes JMP 00000000772603d0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077101d40 5 bytes JMP 0000000077260330 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077101db0 5 bytes JMP 0000000077260410 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077101de0 5 bytes JMP 0000000077260240 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771020a0 5 bytes JMP 00000000772601e0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077102160 5 bytes JMP 0000000077260250 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077102190 5 bytes JMP 0000000077260490 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771021a0 5 bytes JMP 00000000772604a0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771021d0 5 bytes JMP 0000000077260300 .text C:\Windows\system32\taskhost.exe[5936] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771021e0 5 bytes JMP 0000000077260360 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077102240 5 bytes JMP 00000000772602a0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077102290 5 bytes JMP 00000000772602c0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771022c0 5 bytes JMP 0000000077260380 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771022d0 5 bytes JMP 0000000077260340 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771025c0 5 bytes JMP 0000000077260440 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771027c0 5 bytes JMP 0000000077260260 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771027d0 5 bytes JMP 0000000077260270 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 5 bytes JMP 00000001002c19f4 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771029a0 5 bytes JMP 00000000772601f0 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771029b0 5 bytes JMP 0000000077260210 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077102a20 5 bytes JMP 0000000077260200 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077102a80 5 bytes JMP 0000000077260420 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077102a90 5 bytes JMP 0000000077260430 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 
0000000077102aa0 5 bytes JMP 0000000077260220 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077102b80 5 bytes JMP 0000000077260280 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2c6e00 5 bytes JMP 000007ff7f2e1dac .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2c6f2c 5 bytes JMP 000007ff7f2e0ecc .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2c7220 5 bytes JMP 000007ff7f2e1284 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2c739c 5 bytes JMP 000007ff7f2e163c .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2c7538 5 bytes JMP 000007ff7f2e19f4 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2c75e8 5 bytes JMP 000007ff7f2e03a4 .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2c790c 5 bytes JMP 000007ff7f2e075c .text C:\Windows\system32\taskhost.exe[5936] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2c7ab4 5 bytes JMP 000007ff7f2e0b14 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000772afac0 5 bytes JMP 0000000100030600 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000772afb58 5 bytes JMP 0000000100030804 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772afcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0038 5 bytes JMP 0000000100030a08 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] 
C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772b1920 5 bytes JMP 0000000100030e10 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000772cc4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772d1287 5 bytes JMP 00000001000303fc .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076bca2fd 1 byte [62] .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076235181 5 bytes JMP 0000000100241014 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076235254 5 bytes JMP 0000000100240804 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000762353d5 5 bytes JMP 0000000100240a08 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000762354c2 5 bytes JMP 0000000100240c0c .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000762355e2 5 bytes JMP 0000000100240e10 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007623567c 5 bytes JMP 00000001002401f8 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007623589f 5 bytes JMP 00000001002403fc .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076235a22 5 bytes JMP 0000000100240600 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007664ee09 5 bytes JMP 00000001002501f8 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076653982 5 bytes 
JMP 00000001002503fc .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076657603 5 bytes JMP 0000000100250804 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007665835c 5 bytes JMP 0000000100250600 .text C:\Users\Gerard\Desktop\Gmer\mp0nx79b.exe[4880] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007666f52b 5 bytes JMP 0000000100250a08 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3696:3828] 000007fefe860168 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3696:3728] 000007fefb252bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3696:3860] 000007feedb14830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3696:2724] 000007fef8e95124 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 62 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 21829659 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? 
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 62 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 21829659 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! 
Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----