GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-09-04 13:23:17 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ100E5 465,76GB Running: m57g1hli.exe; Driver: C:\Users\Henry\AppData\Local\Temp\pxldipow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000149d20460 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000149d20450 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000149d20370 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000149d20470 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000149d203e0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000149d20320 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000149d203b0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000149d20390 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000149d202e0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000149d202d0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000149d20310 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000149d203c0 .text C:\Windows\system32\csrss.exe[612] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000149d203f0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000149d20230 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000149d20480 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000149d203a0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000149d202f0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000149d20350 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000149d20290 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000149d202b0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000149d203d0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000149d20330 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000149d20410 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000149d20240 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000149d201e0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000149d20250 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000149d20490 .text 
C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000149d204a0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000149d20300 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000149d20360 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000149d202a0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000149d202c0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000149d20380 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000149d20340 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000149d20440 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000149d20260 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000149d20270 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000149d20400 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000149d201f0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000149d20210 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000149d20200 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes 
JMP 0000000149d20420 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000149d20430 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000149d20220 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000149d20280 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\wininit.exe[660] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 
0000000076ff0250 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\wininit.exe[660] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\wininit.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\system32\wininit.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000149d20460 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000149d20450 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000149d20370 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000149d20470 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000149d203e0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000149d20320 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000149d203b0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000149d20390 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000149d202e0 .text 
C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000149d202d0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000149d20310 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000149d203c0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000149d203f0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000149d20230 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000149d20480 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000149d203a0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000149d202f0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000149d20350 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000149d20290 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000149d202b0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000149d203d0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000149d20330 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000149d20410 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 
bytes JMP 0000000149d20240 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000149d201e0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000149d20250 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000149d20490 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000149d204a0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000149d20300 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000149d20360 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000149d202a0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000149d202c0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000149d20380 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000149d20340 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000149d20440 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000149d20260 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000149d20270 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000149d20400 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
0000000076e929a0 5 bytes JMP 0000000149d201f0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000149d20210 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000149d20200 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000149d20420 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000149d20430 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000149d20220 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000149d20280 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text 
C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\services.exe[716] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 
0000000076ff0270 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\system32\services.exe[716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\lsass.exe[736] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text 
C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 
0000000076ff0440 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\lsass.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
0000000076e91570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 
0000000076e91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 
bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\winlogon.exe[808] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 
bytes JMP 0000000076ff0290 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\winlogon.exe[808] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 
0000000076ff0450 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\svchost.exe[888] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 
0000000076ff02a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\system32\svchost.exe[888] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text 
C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\nvvsvc.exe[996] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text 
C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 
bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[116] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 
0000000100070200 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\System32\svchost.exe[828] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 
0000000076ff01e0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\System32\svchost.exe[828] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\System32\svchost.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 
0000000076ff0390 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\System32\svchost.exe[556] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 
0000000076ff0270 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\System32\svchost.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\System32\svchost.exe[556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\svchost.exe[1064] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 
bytes JMP 0000000076ff02b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\svchost.exe[1064] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes 
JMP 0000000076ff0370 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text 
C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\svchost.exe[1096] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 
byte [62] .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\svchost.exe[1288] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text 
C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\svchost.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1408] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007545a30a 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 
0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 
0000000076ff0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1468] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 
0000000100060480 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\nvvsvc.exe[1468] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 
0000000100060220 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000100060280 .text C:\Windows\system32\nvvsvc.exe[1468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1688] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
0000000076e92190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000100070200 .text 
C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\spoolsv.exe[1688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 
0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text 
C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\svchost.exe[1716] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007545a30a 1 byte [62] .text C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe[1868] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007545a30a 1 byte [62] .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\taskhost.exe[1040] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 
0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text 
C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\system32\taskhost.exe[1040] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\Dwm.exe[2068] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 0000000076ff03e0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text 
C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 
.text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 0000000076ff0400 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007703fac0 5 bytes JMP 0000000100030600 .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007703fb58 5 bytes JMP 
0000000100030804 .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fcb0 5 bytes JMP 0000000100030c0c .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040038 5 bytes JMP 0000000100030a08 .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041920 5 bytes JMP 0000000100030e10 .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007705c4dd 5 bytes JMP 00000001000301f8 .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077061287 5 bytes JMP 00000001000303fc .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007545a30a 1 byte [62] .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076905181 5 bytes JMP 0000000100241014 .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076905254 5 bytes JMP 0000000100240804 .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000769053d5 5 bytes JMP 0000000100240a08 .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000769054c2 5 bytes JMP 0000000100240c0c .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000769055e2 5 bytes JMP 0000000100240e10 .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007690567c 5 bytes JMP 00000001002401f8 .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007690589f 5 bytes JMP 00000001002403fc .text C:\Windows\SysWOW64\ASGT.exe[2128] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076905a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007703fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007703fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007705c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077061287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007545a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007693ee09 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076943982 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] 
C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076947603 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007694835c 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007695f52b 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076905181 5 bytes JMP 0000000100111014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076905254 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000769053d5 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000769054c2 5 bytes JMP 0000000100110c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000769055e2 5 bytes JMP 0000000100110e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007690567c 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007690589f 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] 
C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076905a22 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075761465 2 bytes [76, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757614bb 2 bytes [76, 75] .text ... * 2 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e63b10 5 bytes JMP 000000010030075c .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e67ac0 5 bytes JMP 00000001003003a4 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076e91430 5 bytes JMP 0000000100300b14 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e91490 5 bytes JMP 0000000100300ecc .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 000000010030163c .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076e917b0 5 bytes JMP 0000000100301284 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 
.text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\Explorer.EXE[2164] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 00000001003019f4 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Windows\Explorer.EXE[2164] 
C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007703fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007703fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007705c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077061287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007545a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076905181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076905254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000769053d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000769054c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000769055e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007690567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007690589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076905a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007693ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076943982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076947603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007694835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Common 
Files\Protexis\License Service\PsiService_2.exe[2248] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007695f52b 5 bytes JMP 0000000100250a08 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e63b10 5 bytes JMP 000000010027075c .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e67ac0 5 bytes JMP 00000001002703a4 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076e91430 5 bytes JMP 0000000100270b14 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e91490 5 bytes JMP 0000000100270ecc .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 000000010027163c .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\system32\svchost.exe[2588] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076e917b0 5 bytes JMP 0000000100271284 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 
0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text 
C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 00000001002719f4 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text C:\Windows\system32\svchost.exe[2588] 
C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Windows\system32\svchost.exe[2588] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e63b10 5 bytes JMP 000000010030075c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e67ac0 5 bytes JMP 00000001003003a4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076e91430 5 bytes JMP 0000000100300b14 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e91490 5 bytes JMP 0000000100300ecc .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 000000010030163c .text 
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076e917b0 5 bytes JMP 0000000100301284 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Program Files 
(x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Program Files (x86)\TuneUp 
Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Program Files (x86)\TuneUp Utilities 
2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 00000001003019f4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text C:\Program Files (x86)\TuneUp Utilities 
2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Windows\system32\svchost.exe[3036] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Windows\system32\svchost.exe[3036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text C:\Windows\system32\svchost.exe[3036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Windows\system32\svchost.exe[3036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Windows\system32\svchost.exe[3036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text C:\Windows\system32\svchost.exe[3036] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Windows\system32\svchost.exe[3036] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 
000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Windows\system32\svchost.exe[3036] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1384] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007545a30a 1 byte [62] .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e63b10 5 bytes JMP 000000010027075c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e67ac0 5 bytes JMP 00000001002703a4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076e91430 5 bytes JMP 0000000100270b14 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e91490 5 bytes JMP 0000000100270ecc .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 000000010027163c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076e917b0 5 bytes JMP 0000000100271284 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 
0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Program Files 
(x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 00000001002719f4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe[1332] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007703fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007703fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007705c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077061287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007545a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076905181 5 bytes JMP 0000000100151014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076905254 5 bytes JMP 0000000100150804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000769053d5 5 bytes JMP 0000000100150a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000769054c2 5 bytes JMP 
0000000100150c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000769055e2 5 bytes JMP 0000000100150e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007690567c 5 bytes JMP 00000001001501f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007690589f 5 bytes JMP 00000001001503fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076905a22 5 bytes JMP 0000000100150600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007693ee09 5 bytes JMP 00000001001601f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076943982 5 bytes JMP 00000001001603fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076947603 5 bytes JMP 0000000100160804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007694835c 5 bytes JMP 0000000100160600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2916] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007695f52b 5 bytes JMP 0000000100160a08 .text C:\Windows\System32\svchost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Windows\System32\svchost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text 
C:\Windows\System32\svchost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Windows\System32\svchost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Windows\System32\svchost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text C:\Windows\System32\svchost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Windows\System32\svchost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Windows\System32\svchost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007703fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007703fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007705c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077061287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007545a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076905181 5 bytes JMP 00000001000a1014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076905254 5 bytes JMP 00000001000a0804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000769053d5 5 bytes JMP 00000001000a0a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000769054c2 5 bytes JMP 00000001000a0c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000769055e2 5 bytes JMP 00000001000a0e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007690567c 5 bytes JMP 00000001000a01f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007690589f 5 bytes JMP 00000001000a03fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076905a22 5 bytes JMP 00000001000a0600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007693ee09 5 bytes JMP 
00000001000b01f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076943982 5 bytes JMP 00000001000b03fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076947603 5 bytes JMP 00000001000b0804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007694835c 5 bytes JMP 00000001000b0600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007695f52b 5 bytes JMP 00000001000b0a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075761465 2 bytes [76, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757614bb 2 bytes [76, 75] .text ... 
* 2 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e63b10 5 bytes JMP 000000010010075c .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e67ac0 5 bytes JMP 00000001001003a4 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000100070460 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000100070450 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076e91430 5 bytes JMP 0000000100100b14 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e91490 5 bytes JMP 0000000100100ecc .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000100070370 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000100070470 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 000000010010163c .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000100070320 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 00000001000703b0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000100070390 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 00000001000702d0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000100070310 .text C:\Windows\explorer.exe[4088] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 00000001000703c0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076e917b0 5 bytes JMP 0000000100101284 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000100070230 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000100070480 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000100070350 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000100070290 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000100070330 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000100070410 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000100070240 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\explorer.exe[4088] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000100070250 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000100070490 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000100070300 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000100070360 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 00000001000702a0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 00000001000702c0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000100070380 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000100070340 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000100070440 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000100070260 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000100070270 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 00000001001019f4 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 00000001000701f0 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000100070210 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 
0000000076e92a20 5 bytes JMP 0000000100070200 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000100070420 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000100070430 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000100070280 .text C:\Windows\explorer.exe[4088] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Windows\explorer.exe[4088] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e63b10 5 bytes JMP 000000010016075c .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e67ac0 5 bytes JMP 00000001001603a4 
.text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076e91430 5 bytes JMP 0000000100160b14 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e91490 5 bytes JMP 0000000100160ecc .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 000000010016163c .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076e917b0 5 bytes JMP 0000000100161284 .text C:\Windows\explorer.exe[3420] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\explorer.exe[3420] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 00000001001619f4 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 
0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\explorer.exe[3420] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Windows\explorer.exe[3420] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e63b10 5 bytes JMP 00000001001a075c .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e67ac0 5 bytes JMP 00000001001a03a4 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e91360 5 bytes JMP 0000000076ff0460 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e913b0 5 bytes JMP 0000000076ff0450 
.text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076e91430 5 bytes JMP 00000001001a0b14 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e91490 5 bytes JMP 00000001001a0ecc .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e91510 5 bytes JMP 0000000076ff0370 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e91560 5 bytes JMP 0000000076ff0470 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e91570 5 bytes JMP 00000001001a163c .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e91620 5 bytes JMP 0000000076ff0320 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e91650 5 bytes JMP 0000000076ff03b0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e91670 5 bytes JMP 0000000076ff0390 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e916b0 5 bytes JMP 0000000076ff02e0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e91730 5 bytes JMP 0000000076ff02d0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e91750 5 bytes JMP 0000000076ff0310 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e91790 5 bytes JMP 0000000076ff03c0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076e917b0 5 bytes JMP 00000001001a1284 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e917e0 5 bytes JMP 0000000076ff03f0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e91940 5 bytes JMP 0000000076ff0230 .text C:\Windows\explorer.exe[3516] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e91b00 5 bytes JMP 0000000076ff0480 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e91b30 5 bytes JMP 0000000076ff03a0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e91c10 5 bytes JMP 0000000076ff02f0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e91c20 5 bytes JMP 0000000076ff0350 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e91c80 5 bytes JMP 0000000076ff0290 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e91d10 5 bytes JMP 0000000076ff02b0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e91d30 5 bytes JMP 0000000076ff03d0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e91d40 5 bytes JMP 0000000076ff0330 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e91db0 5 bytes JMP 0000000076ff0410 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e91de0 5 bytes JMP 0000000076ff0240 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e920a0 5 bytes JMP 0000000076ff01e0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e92160 5 bytes JMP 0000000076ff0250 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e92190 5 bytes JMP 0000000076ff0490 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e921a0 5 bytes JMP 0000000076ff04a0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e921d0 5 bytes JMP 0000000076ff0300 .text C:\Windows\explorer.exe[3516] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e921e0 5 bytes JMP 0000000076ff0360 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e92240 5 bytes JMP 0000000076ff02a0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e92290 5 bytes JMP 0000000076ff02c0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e922c0 5 bytes JMP 0000000076ff0380 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e922d0 5 bytes JMP 0000000076ff0340 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e925c0 5 bytes JMP 0000000076ff0440 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e927c0 5 bytes JMP 0000000076ff0260 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e927d0 5 bytes JMP 0000000076ff0270 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e927e0 5 bytes JMP 00000001001a19f4 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e929a0 5 bytes JMP 0000000076ff01f0 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e929b0 5 bytes JMP 0000000076ff0210 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e92a20 5 bytes JMP 0000000076ff0200 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e92a80 5 bytes JMP 0000000076ff0420 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e92a90 5 bytes JMP 0000000076ff0430 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e92aa0 5 bytes JMP 0000000076ff0220 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 
0000000076e92b80 5 bytes JMP 0000000076ff0280 .text C:\Windows\explorer.exe[3516] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Windows\explorer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Windows\system32\wbem\wmiprvse.exe[3664] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Windows\system32\wbem\wmiprvse.exe[3664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text C:\Windows\system32\wbem\wmiprvse.exe[3664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Windows\system32\wbem\wmiprvse.exe[3664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Windows\system32\wbem\wmiprvse.exe[3664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text 
C:\Windows\system32\wbem\wmiprvse.exe[3664] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Windows\system32\wbem\wmiprvse.exe[3664] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Windows\system32\wbem\wmiprvse.exe[3664] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Windows\system32\wbem\unsecapp.exe[3364] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefec36e00 5 bytes JMP 000007ff7ec51dac .text C:\Windows\system32\wbem\unsecapp.exe[3364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefec36f2c 5 bytes JMP 000007ff7ec50ecc .text C:\Windows\system32\wbem\unsecapp.exe[3364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefec37220 5 bytes JMP 000007ff7ec51284 .text C:\Windows\system32\wbem\unsecapp.exe[3364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefec3739c 5 bytes JMP 000007ff7ec5163c .text C:\Windows\system32\wbem\unsecapp.exe[3364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefec37538 5 bytes JMP 000007ff7ec519f4 .text C:\Windows\system32\wbem\unsecapp.exe[3364] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefec375e8 5 bytes JMP 000007ff7ec503a4 .text C:\Windows\system32\wbem\unsecapp.exe[3364] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefec3790c 5 bytes JMP 000007ff7ec5075c .text C:\Windows\system32\wbem\unsecapp.exe[3364] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefec37ab4 5 bytes JMP 000007ff7ec50b14 .text C:\Windows\system32\AUDIODG.EXE[3596] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007703fac0 5 bytes JMP 0000000100030600 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007703fb58 5 bytes 
JMP 0000000100030804 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040038 5 bytes JMP 0000000100030a08 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041920 5 bytes JMP 0000000100030e10 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007705c4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077061287 5 bytes JMP 00000001000303fc .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007545a30a 1 byte [62] .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076905181 5 bytes JMP 00000001001d1014 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076905254 5 bytes JMP 00000001001d0804 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000769053d5 5 bytes JMP 00000001001d0a08 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000769054c2 5 bytes JMP 00000001001d0c0c .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000769055e2 5 bytes JMP 00000001001d0e10 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007690567c 5 bytes JMP 00000001001d01f8 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007690589f 5 bytes JMP 00000001001d03fc .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076905a22 5 bytes 
JMP 00000001001d0600 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007693ee09 5 bytes JMP 00000001001e01f8 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076943982 5 bytes JMP 00000001001e03fc .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076947603 5 bytes JMP 00000001001e0804 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007694835c 5 bytes JMP 00000001001e0600 .text C:\Users\Henry\Desktop\m57g1hli.exe[1088] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007695f52b 5 bytes JMP 00000001001e0a08 ---- Threads - GMER 2.1 ---- Thread [1352:1392] 000000007485345e Thread [1352:1404] 0000000076907587 Thread [1352:1568] 0000000074339a90 Thread [1352:1572] 00000000741ecce0 Thread [1352:1580] 00000000743fbf60 Thread [1352:1584] 00000000743fb770 Thread [1352:1588] 0000000077072e65 Thread [1352:1612] 000000007485345e Thread [1352:1616] 000000007485345e Thread [1352:1620] 000000007485345e Thread [1352:1884] 000000007485345e Thread [1352:1888] 00000000743ef2b0 Thread [1352:1892] 00000000743ef2b0 Thread [1352:1896] 00000000743ef2b0 Thread [1352:1900] 00000000743ef2b0 Thread [1352:1904] 00000000743ef2b0 Thread [1352:1908] 00000000743f0580 Thread [1352:1912] 00000000743efb70 Thread [1352:1916] 000000007441a0f0 Thread [1352:1920] 0000000074418ed0 Thread [1352:1924] 00000000744192a0 Thread [1352:1928] 00000000743f1d60 Thread [1352:1932] 00000000743f1d60 Thread [1352:1936] 00000000743f1d60 Thread [1352:1940] 00000000743f1d60 Thread [1352:1944] 00000000743f1d60 Thread [1352:1996] 00000000721e12f0 Thread [1352:2000] 00000000721e2c80 Thread [1352:2004] 00000000721e2c80 Thread [1352:2008] 00000000721b1070 Thread [1352:2012] 000000007485345e Thread [1352:2016] 000000007485345e Thread [1352:1072] 0000000072d11010 Thread [1352:1144] 0000000072cf12f0 Thread 
[1352:1148] 0000000072cd15e0 Thread [1352:1244] 00000000743fcb90 Thread [1352:1228] 00000000743f1860 Thread [1352:536] 000000007485345e Thread [1352:608] 000000007441fa70 Thread [1352:1216] 00000000740f5400 Thread [1352:1272] 000000007510d864 Thread [1352:2160] 00000000721b1630 Thread [1352:2244] 00000000727d7510 Thread [1352:2256] 0000000077073e85 Thread [1352:2264] 000000007485345e Thread [1352:2292] 00000000709f1670 Thread [1352:2296] 00000000709f1840 Thread [1352:2300] 000000007485345e Thread [1352:2308] 00000000743441a0 Thread [1352:2312] 00000000743481e0 Thread [1352:2316] 000000007485345e Thread [1352:2344] 0000000074341f10 Thread [1352:2352] 000000007485345e Thread [1352:2364] 000000007485345e Thread [1352:2380] 00000000748532ce Thread [1352:2384] 00000000748532ce Thread [1352:2392] 00000000748532ce Thread [1352:2400] 00000000748532ce Thread [1352:2408] 00000000748532ce Thread [1352:2416] 00000000748532ce Thread [1352:2444] 0000000077073e85 Thread [1352:2656] 000000007485345e Thread [1352:3000] 000000006fb27057 Thread [1352:3148] 0000000077073e85 Thread [1352:1668] 00000000748532ce Thread [1352:1048] 00000000748532ce Thread [1352:3792] 00000000748532ce Thread [1352:4044] 00000000748532ce Thread [1352:1672] 00000000748532ce Thread [1352:3864] 0000000077073e85 Thread [1352:3772] 0000000077073e85 Thread [1352:3624] 00000000731b62ee Thread [1352:1360] 0000000077073e85 Thread [1352:1732] 0000000077073e85 Thread [1352:3972] 0000000077073e85 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@DisplayName avast! TDI Firewall driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@Description avast! TDI Firewall driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@Tag 10 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Description avast! 
keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Tag 7 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! 
WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 159 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 616796 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk1\Partition2\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@ImagePath "C:\Program Files\AVAST Software\Avast\afwServ.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@DisplayName avast! Firewall Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@Description Implements main functionality for avast! Firewall Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Firewall Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5027c7 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5027c7@90c1153ac01a 0x71 0x62 0x61 0x24 ... Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswFW@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFW@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFW@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFW@DisplayName avast! TDI Firewall driver Reg HKLM\SYSTEM\ControlSet002\services\aswFW@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswFW@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswFW@Description avast! 
TDI Firewall driver Reg HKLM\SYSTEM\ControlSet002\services\aswFW@Tag 10 Reg HKLM\SYSTEM\ControlSet002\services\aswFW\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFW\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswFW\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Description avast! keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Tag 7 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 159 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 616796 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk1\Partition2\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 3 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! 
Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@ImagePath "C:\Program Files\AVAST Software\Avast\afwServ.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@DisplayName avast! Firewall Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@Description Implements main functionality for avast! Firewall Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5027c7 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5027c7@90c1153ac01a 0x71 0x62 0x61 0x24 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05055CBA-D3C0-F33A-77F2-EEDAE4699789} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05055CBA-D3C0-F33A-77F2-EEDAE4699789}@mandfmaoiafmoampaidhjehjpl 0x6F 0x61 0x6F 0x66 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05055CBA-D3C0-F33A-77F2-EEDAE4699789}@abodcmgialofkcegcfjngdknibpgoogcoa 0x61 0x62 0x6D 0x65 ... ---- EOF - GMER 2.1 ----