GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-09-24 18:39:55 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0003 298,09GB Running: h520vlod.exe; Driver: C:\Users\Justyna\AppData\Local\Temp\kxliypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000100040440 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000100040430 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000100040450 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000100040320 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000100040380 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000100040410 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000100040310 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000100040390 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000100040230 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000100040460 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000100040370 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000100040350 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000100040290 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000100040330 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000100040250 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000100040470 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000100040480 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000100040420 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000100040400 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\wininit.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000149cc0440 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000149cc0430 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000149cc0450 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 0000000149cc03b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000149cc0320 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000149cc0380 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 0000000149cc02e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000149cc0410 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 0000000149cc02d0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000149cc0310 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000149cc0390 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 0000000149cc03c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000149cc0230 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000149cc0460 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000149cc0370 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 0000000149cc02f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000149cc0350 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000149cc0290 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 0000000149cc02b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 0000000149cc03a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000149cc0330 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 0000000149cc03e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000149cc0240 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 0000000149cc01e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000149cc0250 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000149cc0470 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000149cc0480 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000149cc0300 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000149cc0360 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 0000000149cc02a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 0000000149cc02c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000149cc0340 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000149cc0420 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000149cc0260 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000149cc0270 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 0000000149cc03d0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 0000000149cc01f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000149cc0210 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000149cc0200 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 0000000149cc03f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000149cc0400 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000149cc0220 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000149cc0280 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\services.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\lsass.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\svchost.exe[748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\System32\svchost.exe[984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\svchost.exe[384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\svchost.exe[1180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\Explorer.EXE[1384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\Explorer.EXE[1384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\Dwm.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\FBAgent.exe[1480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1548] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\taskeng.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\taskeng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000100070440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000100070430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000100070450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000001000703b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000100070320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000100070380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000001000702e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000100070410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000001000702d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000100070310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000100070390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000001000703c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000100070230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000100070460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000100070370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000001000702f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000100070350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000100070290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000001000702b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000001000703a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000100070330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000001000703e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000100070240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000001000701e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000100070250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000100070470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000100070480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000100070300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000100070360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000001000702a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000001000702c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000100070340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000100070420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000100070260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000100070270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000001000703d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000001000701f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000100070210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000100070200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000001000703f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000100070400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000100070220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000100070280 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1296] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1224] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[1436] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1928] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1928] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000762a1465 2 bytes [2A, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1928] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000762a14bb 2 bytes [2A, 76] .text ... * 2 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\SysWOW64\ACEngSvr.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\wbem\wmiprvse.exe[2356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[2620] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2668] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Windows\AsScrPro.exe[2684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Windows\AsScrPro.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762a1465 2 bytes [2A, 76] .text C:\Windows\AsScrPro.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762a14bb 2 bytes [2A, 76] .text ... * 2 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2748] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\svchost.exe[2860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2928] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Program Files\Elantech\ETDCtrl.exe[3272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[3280] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\System32\igfxtray.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\System32\hkcmd.exe[3296] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\System32\igfxpers.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3448] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3652] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3804] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3824] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4044] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\SearchIndexer.exe[2656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2868] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Windows\System32\svchost.exe[612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000100070440 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000100070450 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000100070380 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000100070410 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000100070390 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000100070460 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000100070370 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000100070350 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000100070290 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000100070330 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000100070250 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000100070470 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000100070480 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000100070400 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\wuauclt.exe[5024] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 00000001001f0440 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 00000001001f0430 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 00000001001f0450 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000001001f03b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 00000001001f0320 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 00000001001f0380 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000001001f02e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 00000001001f0410 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000001001f02d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 00000001001f0310 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 00000001001f0390 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000001001f03c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 00000001001f0230 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 00000001001f0460 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 00000001001f0370 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000001001f02f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 00000001001f0350 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 00000001001f0290 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000001001f02b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000001001f03a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 00000001001f0330 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000001001f03e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 00000001001f0240 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000001001f01e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 00000001001f0250 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 00000001001f0470 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 00000001001f0480 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 00000001001f0300 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 00000001001f0360 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000001001f02a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000001001f02c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 00000001001f0340 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 00000001001f0420 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 00000001001f0260 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 00000001001f0270 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000001001f03d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000001001f01f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 00000001001f0210 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 00000001001f0200 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000001001f03f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 00000001001f0400 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 00000001001f0220 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 00000001001f0280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4132] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fbf760 5 bytes JMP 0000000077120440 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fbf7b0 5 bytes JMP 0000000077120430 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fbf960 5 bytes JMP 0000000077120450 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fbf970 5 bytes JMP 00000000771203b0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fbfa20 5 bytes JMP 0000000077120320 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fbfa50 5 bytes JMP 0000000077120380 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fbfab0 5 bytes JMP 00000000771202e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fbfb00 5 bytes JMP 0000000077120410 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fbfb30 5 bytes JMP 00000000771202d0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fbfb50 5 bytes JMP 0000000077120310 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fbfb90 5 bytes JMP 0000000077120390 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fbfbe0 5 bytes JMP 00000000771203c0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fbfd40 5 bytes JMP 0000000077120230 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fbff00 5 bytes JMP 0000000077120460 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fbff30 5 bytes JMP 0000000077120370 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fc0010 5 bytes JMP 00000000771202f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fc0020 5 bytes JMP 0000000077120350 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fc0080 5 bytes JMP 0000000077120290 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fc0110 5 bytes JMP 00000000771202b0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fc0130 5 bytes JMP 00000000771203a0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fc0140 5 bytes JMP 0000000077120330 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fc01b0 5 bytes JMP 00000000771203e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fc01e0 5 bytes JMP 0000000077120240 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fc04a0 5 bytes JMP 00000000771201e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fc0560 5 bytes JMP 0000000077120250 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fc0590 5 bytes JMP 0000000077120470 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fc05a0 5 bytes JMP 0000000077120480 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fc05d0 5 bytes JMP 0000000077120300 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fc05e0 5 bytes JMP 0000000077120360 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fc0640 5 bytes JMP 00000000771202a0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fc0690 5 bytes JMP 00000000771202c0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fc06d0 5 bytes JMP 0000000077120340 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fc09c0 5 bytes JMP 0000000077120420 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fc0bc0 5 bytes JMP 0000000077120260 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fc0bd0 5 bytes JMP 0000000077120270 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fc0be0 5 bytes JMP 00000000771203d0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fc0da0 5 bytes JMP 00000000771201f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fc0db0 5 bytes JMP 0000000077120210 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fc0e20 5 bytes JMP 0000000077120200 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fc0e80 5 bytes JMP 00000000771203f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fc0e90 5 bytes JMP 0000000077120400 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fc0ea0 5 bytes JMP 0000000077120220 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fc0f80 5 bytes JMP 0000000077120280 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe[2136] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076daf1fd 1 byte [62] .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe[4836] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] .text C:\Users\Justyna\Desktop\h520vlod.exe[4936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689b0c5 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\lpksetup.exe [1856:2792] 000007fefe6173d0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind ????????????8???????4???????A-??? ???????????????????????????????????????f??? ?????????????????????0??L????????? ???????68??11??????? ?????????????????????0????????????????????????????????????????? ????????????????????????????????????????????s}"???? ???????????????????????????????????????f??? ?????????????????????0??L????????? ???????68??text?????????????????????1????????????????????????N??????c???????????????????????????????????'3M????11???????????????????????n?????e-2????(?????????????????????*6to4mp?14??? ???????|???????????o?:????????????&????????????????????0??? ????????????????????????????$?N?????????????`?????????????????16???????e??????2???????2???????1???????1???????16??????pi??????????? ??????????????????????????????????????????????????????????????????? ???????F???????????????????0??1e??????1.??{00000000-0000-0000-0000-000000000000}??????@nettun.inf,%msft%;Microsoft?????????e??????E-??????9F??????????????????????????s5??? ???????|?????????????:????????????&????????????????????o??*6to4mp?.1????????? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route ???????????????????????????e????? ???????c?????????????????????????e????? *?????????????????????????????????6.1.7600.16385????????????????????0?????????????? P???????????????????*???????????d?????????????????????????????????????????????????? ???????c?????,%i???????????????????n???e??{258ceb01-6c5d-11e1-8824-806e6f6e6963}???????????????????????B??? ??????????????n???????????B???? ??????????????????????????????????????????????? ?????????????????????0????????????????????????????????????????????????????nettun.inf??????? ??????????????????6to4mp.ndi??????? ??????????????????6-21-2006???? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????????????6to4mp.ndi??????????????????????????Microsoft???? ?????????????????????0????????????????????????????????????????? ?????????????????????0????????????????????????????????????????????????????????????Microsoft?????????????????????????????????????????????????*?????????????????? ?????????????????????0??????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export ????4???????????????????????? ??????????????????????????????????????????? *????????????? #??*6to4mp??????????????????????????????????????t??? ?????????????????????,????????z????????????????????f?????? #???? ?????????????????????????????????????????????????????????????????1-???????????B??????????????C5??? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????0??C2??????????? ?????????????????????0????????????????????????????????????????????????????????????????????? ?????????????????????0????????????????????????????nettun.inf:Microsoft.NTamd64:6to4mp.ndi:6.1.7600.16385:*6to4mp?36e??Karta Microsoft 6to4?2??????????????????????????????????????????????? ?????????????????????0????????????????????????????????????????????????????????s?@?@nettu??? ?????????????????????0????????*???????????????????? l??????n?????.in??@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4???????????????????????????????????????????? ???????????????????j??????????`????????e??? P??????c?????1-0??{47 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ????????? ?????????????????????0????????????&????????????????????-??????????? ?????????????????????0????????????????????????????????????????????*6to4mp?????Po??czenie lokalne* 49??????????????????????????????? ?????????????????????0????????~???????????? ?????????????????????0????????????????????? ??????????????????? ????????????????????????????????????????????s?????? ??)???????????x???? ???????????????????????????????????????f??? ?????????????????????0??L????????? ???????????USB\VID_058F&PID_6387&REV_0104?USB\VID_058F&PID_6387????USB\Class_08&SubClass_06&Prot_50?USB\Class_08&SubClass_06?USB\Class_08??z???{e75391ae-d2d7-5bde-882e-8ba1e67039f2}????????X?????????????? ?????????????????????0??L????????? ??????c36??? ?????????????????????0????????????&???????????????????????? ?????????????????????0??L????????? ???????????? ?????????????????????0????????????&???????????????????????????????????????disk.inf???????????????????s\\??? ??????????????????wpdbusenum\fs??d??????N????????????D????????????????????4?????????? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ????P6???????e??? ??#????8??????x6??????????????????????????????????? ????????????????????????"?????l?!?????????????????????????????????????*6to4mp?B-??????????????text?????????j???????????????????????????????????u???k??nettun.inf??52??nettun.inf?79F??Typ?????Typ?????storage\volume???????????????????9?????eA0??Typ?????????????int??j???????????????????????????????????????????????2????~??????{??0B????????????????????~?????? ??????? ?????????????????????0????????????????????????????????????????????????#???nettun.inf:Microsoft.NTamd64:6to4mp.ndi:6.1.7600.16385:*6to4mp??????? ?????????????????????0????????????&????????????????????t??6.1.7600.16385?4BE??Karta Microsoft 6to4??????`?????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????????????????????6.1.7600.16385????????:????????g????@nettun.inf,%msft%;Microsoft?F??????????????????????????????????????*6to4mp???????N?????????????????????? ?????????????????????0??????????????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ????????????? ???????|???????????j?:????????????&????????????????????3???????????-?????e9A??? ?????????????????????0????????????????????????????????????wy??????????? ?????????????????????0?????????????????????????????m???e??????????????????????????????????????????? ??????????????????????????????"??? ??????1DE??? ???????T?????" "??? "??????A?????4C9??ndis5_ip6_tunnel?B??? ???????????????????????????????????????8??????? ???????9????????????????"?????l?*?????35??{4d36e972-e325-11ce-bfc1-08002be10318}?FA9??? ????????????????????????????$?N?;?????????{4d36e972-e325-11ce-bfc1-08002be10318}\0059?3A??????????? ????????????N?????????????????{B5CB2E52-BBF7-4094-A6A2-9D83EA564CE8}???k???????????????e???????????y???????s??????????????? ??????? ?????owy??????????????????????te???????* ?????????? ?????????????????????0????????????&???????????????????????? ???????????????????k?0??????*?.??? ????????????????????e??????????d{??????2????0????????????.??????t??Mi??Po??czenie lokalne* 50??????????????????????????????4????1????? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ????BT??????????? ?????????????????????0????????????????????? ???????U???????????m?,??N?????$?+????????????????????? ??????????????????????????????????????????????????? ??????????????????????????????????????????????Typ?????????????????????????Adres sieciowy???????????????????????? ?????????????text????? ????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export ????????*6to4mp?????nettun.inf??????????????????{5??? ?????????????????????0????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????2??1D???????????0??52??????????? ?????????????????????0??????????????????????????????????????????????????????-4260-9668-E??? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????????????????????????6to4mp.ndi?743??????????????????????????????????? ???????@????????????????????$?N???????????????????? ????????????N?????????????????{3A0CDA0B-8C23-42DC-BCEB-C3FEBB7AD6C2}???????????????????????????????????????s??11??????????? ???????8???????????????????????????????7??????????????????????????????????el????$?????????????????ROOT\*6TO4MP\0121????????????????????????????????C???????????????????????h??????0-??*6to4mp???????????? Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind ?????i??? (?????????????????????????text????????????AT??tunnel??????????????Po??czenie lokalne* 239?el??.NTAMD64??????????8??????????????????e???????????4??????ic???????????????????????????????????????????????????B??int??????????????????????O???????????????&??V_??????????????????*6to4mp??????????????????????????e????????????(??????????????e??*6to4mp??????????????0??s???Microsoft????????????????????????????????????e??tunnel?-42??Microsoft???????????????????????????????????????6-21-2006???? ???????????????????????u??????????? x????????????s????Typ?????????????? ?????????????????????0????????????????????Volume??????????????*6to4mp?????????????????????????????????????????????????01??????????????????? ??????????????????*6to4mp?????? ???????|???????????r?:????????????&????????????????????"??? ???????5?????-48???????????9?????eFA??11??????????????????????????????????????*6to4mp??T???????????????????e????X??????????t????`??????????????????????????u??????????Net????????????????? $?20??? ?????????????????????0??????? Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route ????????*6to4mp?????{4d36e972-e325-11ce-bfc1-08002be10318}??????????? ???????9????????????????"?????l?????????????N?????????????????{4d36e972-e325-11ce-bfc1-08002be10318}?9-0???????????}??sD??Net?ic??? ???????i?????49F??*6to4mp??D??? ????????????????????????????$?N???????????{4d36e972-e325-11ce-bfc1-08002be10318}\0157?Ne??????????? ????????????????N?????????????????????????????????????????????????????????? ??????????????????????????????`????????e??????????????? P??????6?????546??{B36A931F-4B4A-47DD-BE4E-8016D86AC7C1}??06????????*??????-????d444??TCPIP6TUNNEL?Tcpip6??{????`??????6???9??\Device\{B36A931F-4B4A-47DD-BE4E-8016D86AC7C1}??3B??????????????????4F??????????????????????????? ???????????????????????????????????????f????????????????-5EA????N??????-?????DC3??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?D2E??? ???????0?????????????,????????$???????????????????????????e????>??????1??????Sterownik karty Microsoft 6to4?sc%??????????????? ??????????????????????????????"??? ????????i??? ???????k?????k?k??tunnel??????? "??????i?????olm??ndis5_ip6_tunnel?m??? ??????????????????????????????????????????????????????? ???????????????????????????????????????????????????????Z?????Z????Adres sieciowy?end???????????????????? ??????0???e??? ???????????????????????????????????????????????????c??????P6??Typ?????????????????????????????????????????????int??????????????B???????????T?????e0???????????????????????? ???????u???????u??????????????????????tunnel?????????????????????e??????N???????????D??????t???????;??? ??????????????????????????????`????????e??????????????? P??????B??????"N??{649ED490-3EEE-4BC9-B50F-1F6D56CDD720}??07????*???????????dT" ??TCPIP6TUNNEL?Tcpip6??E????????????`??????B???}??\Device\{649ED490-3EEE-4BC9-B50F-1F6D56CDD720}??BA???????????t??????cp? Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind ????????Net??????????????1????cdcb???????????????8???t???????????D??45??Sterownik karty Microsoft 6to4?-75??? ??????????????????????????????"??? ??????05???? ???????T??????2???????? ??????????????????????????????`????????e??????????????? P?????????????????{E3D3C4EF-AED6-489D-8B14-596887CD29C4}????????*???????????d?????TCPIP6TUNNEL?Tcpip6???????????????`?????????????\Device\{E3D3C4EF-AED6-489D-8B14-596887CD29C4}??hu???????????I??????po??????????????????????????? ???????????????????????????????????????f????N????????????D????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??,???? ???????0?????????????,????????$?????????i?????????????????e????>?????????????Sterownik karty Microsoft 6to4??????????????????????Adres sieciowy?1B6???????????8???t???? ??????A???"??? ??????????????????????????????????????-0???????????1????c75E???????????-???t???????????8??34??? ?????????????????????0????????????&???????????????????????????? ????? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind ???8?????????9???????????????????t??? ???????7?????8???????0?????????????????????????????????u???????????8??? ?????????????8?????8?,????????`????????r???????????????????8??????????????t??????8??????????????????????????:??8????????h?????system32\DRIVERS\monitor.sys?????8?8?8?8?8????`??8?????????e????Microsoft Monitor Class Function Driver Service?????? ???????8???????????8?0???????????????????????8?????8???$???8??????????????????????????????$???4????? ??????? ????t?????????? ????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ? ? ? ? ? ? ? ? ? ? ? ? ? ????????????????????????????????????????????????? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route ???/????COM4?R???????????????????-?????????4D8???8??? ???????8?????9???????0????????????????????? ???????8???????????8?0?????????????????????????????v??e\???????8???7??-4???????9???3??????CD??? ???????8?????8???????0???????????????????????8????????"??????g????? ???????n???????????8???? ???&????? ??????????????????????????????e ????????????????e???8?8.???????????????????????:??????????????M@????????@???????????????8??Net????????? ????????D?D?D???????T???????????????8???8??????????Net???????\??9???????????????8???????.??????????11???????????????????T???s???????????8?????????????? ????,??????????????????text????%SystemRoot%????Net?\*?????????????9????System?8????? ???????8???????????8?0?????????????????????????????3??CD???????8???F??-6??Intel????9???????8???C?????????????????????9?????9??? D??9???8??????????? ???-???????????????8????X??????&???&???8???????T???????????????????????????????????????~???~??????????Net?????Mouse???*6to4mp???????\??:???????????????????T???i??????ne???????????????8????????????????????? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export ?????????????????????????????????????/???-???????.??1&841921d&0??6????N??/???o????D?????? `??/???????????7??? ???????,????????????????:????????????D?????????????8?W?W?@?8???????????4???????????????@?@?@??? ???/?????????e????? "??/?????????n????Adres sieciowy?e?????????.????????c?????*6to4mp?r????????????????????????1??Link-Layer Topology Discovery Mapper I/O Driver??&??? ???????A???????????/???????? ?(?1?????TO??volume.inf??????? ???/???-??????E5??volume_install?sso??? ???/???n??????t%???????/??????????{0???????/???m??????????? ???/?????????36e??Karta Microsoft 6to4?????????????????????????0??CmBatt?.?????????????/???e?????????????????s?????????/??????????LegacyDriver????? ??????? ?????????????,??????????*?&????????????????????????????/????????c??????????/??????????? (??????i??????????Microsoft????????????????????3?3?????? ??/??????????6-21-2006???volume.inf??AA??? ???/??????????n???6.1.7600.17122?o4m???????/???4??????????storage\volume???????/?/?/?/?/?/?/?/?????????????????h???????????????1???1??{3D2D9433-2 Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ?????????????????v???????G???????????e?????????nab???????????*???*???????????????????????e???????????????????????????i???????????s???????n??????????? B??i????????????????`??i?????????e????????????%SystemRoot%\system32\srvsvc.dll????Link-Layer Topology Discovery Mapper I/O Driver???????6??i????????????????B??i?????????n????lullabyFilter mini-filter driver?????????i???????4???i?i?i?i?i?i?i??system32\drivers\modem.sys????????,????????????e????????j?????????e??????"?????????p????????????d??di????"??j??????????Sterownik stacji dysk?w CD-ROM???????????????????????????????????m???7??????"{???????????n???j?j?j?j?j???j????????????????????????????????$??j????????h????????????????g????System32\CLFS.sys???????????????????????t?????????????????????????????Z??j?????????e????????????????????????int??n???????n?????t???????????????????g??????J??j?????????n???????? v??????????????t???@%SystemRoot%\system32\clfs.sys,-101??????(??j??????p????????j???????n??????????system32\DRIVERS\compbatt.sys?ompbatt.sys???RPCSS?? us???????n??????????????t???11??$???????text?:???s?s?s?s,???ROOT\vdrvroot????????????j?n?n?n?n???????????????????????????????n????????????????????4??j???????????????????????????????????????????????????????n??????p????????????????????????????~???????????????????????n???????????s??t.???????????j???j??????????? ???????n?????????????,????????~?P????????????????-?v??????????????t?????????????????????????????????????????P??j????????h?????\SystemRoot Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind ???r?u????^??i?????????e????Boot File System?????? ??h??????p?????`??i?????????e??????P??o?????????e????System32\DRIVERS\srv.sys?????????????r?????>??r??????????????%SystemRoot%\System32\umpo.dll???????r??????????????????????? ???????q???????????r???????? ?F?????????????????F??r??????????????%SystemRoot%\System32\netevent.dll???????????????????????????r?r????? ???????q???????????r???????? ?N???????t?????D??r??????????????%SystemRoot%\System32\ntprint.dll????????????????????????r?r?r???r?r?????r????????????????N??r????????? Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export ???y?????p???????y???;?????????????;?;???????x???????????????????????????????????????????y???;?????P?;???P????????????N?????????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@snmptrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|?\4???????y???;???????????;???????y???;???????????;???y?????? y???;???????????;???????y???;???????;????X??????????????????x???;???????????;???????y???????????????y?????????????????e?????????????????y???;???????????????;???????x???;???????????;????????????X??????????????????{?{?{???y???????????????????y???????????????????????{?{?{??v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31023|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|??