GMER 2.1.19324 - http://www.gmer.net Rootkit scan 2014-01-21 00:43:52 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_DT01ACA100 rev.MS2OA750 931,51GB Running: 389pcm8d.exe; Driver: C:\Users\MANIKO~1\AppData\Local\Temp\uwldypod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000149d80460 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000149d80450 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000149d80370 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000149d80470 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000149d803e0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000149d80320 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000149d803b0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000149d80390 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000149d802e0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000149d802d0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000149d80310 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000149d803c0 .text C:\Windows\system32\csrss.exe[556] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000149d803f0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000149d80230 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000149d80480 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000149d803a0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000149d802f0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000149d80350 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000149d80290 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000149d802b0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000149d803d0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000149d80330 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000149d80410 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000149d80240 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000149d801e0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000149d80250 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000149d80490 .text 
C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000149d804a0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000149d80300 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000149d80360 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000149d802a0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000149d802c0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000149d80380 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000149d80340 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000149d80440 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000149d80260 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000149d80270 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000149d80400 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000149d801f0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000149d80210 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000149d80200 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes 
JMP 0000000149d80420 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000149d80430 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000149d80220 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000149d80280 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\wininit.exe[616] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 
0000000077c90250 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\wininit.exe[616] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\wininit.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\wininit.exe[616] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000149d80460 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000149d80450 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000149d80370 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000149d80470 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000149d803e0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000149d80320 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000149d803b0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000149d80390 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000149d802e0 .text 
C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000149d802d0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000149d80310 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000149d803c0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000149d803f0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000149d80230 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000149d80480 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000149d803a0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000149d802f0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000149d80350 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000149d80290 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000149d802b0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000149d803d0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000149d80330 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000149d80410 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 
bytes JMP 0000000149d80240 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000149d801e0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000149d80250 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000149d80490 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000149d804a0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000149d80300 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000149d80360 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000149d802a0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000149d802c0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000149d80380 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000149d80340 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000149d80440 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000149d80260 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000149d80270 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000149d80400 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
0000000077b329a0 5 bytes JMP 0000000149d801f0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000149d80210 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000149d80200 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000149d80420 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000149d80430 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000149d80220 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000149d80280 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text 
C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\services.exe[680] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 
0000000077c90270 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\services.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\services.exe[680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\winlogon.exe[712] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 
bytes JMP 0000000077c902b0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\winlogon.exe[712] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\winlogon.exe[712] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 
0000000100070370 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[740] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001000702c0 .text 
C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 
0000000077c90460 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 
0000000077c903a0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 
0000000077c902a0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 
0000000077c90460 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\svchost.exe[848] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 
bytes JMP 0000000077c90360 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\svchost.exe[848] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\svchost.exe[848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text 
C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\nvvsvc.exe[924] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 
.text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\svchost.exe[992] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 
0000000077c90240 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\svchost.exe[992] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 
0000000077c903b0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\System32\svchost.exe[564] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 
.text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\System32\svchost.exe[564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\System32\svchost.exe[796] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 
0000000077c90290 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\System32\svchost.exe[796] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\System32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\System32\svchost.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 
0000000077c90450 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\svchost.exe[1028] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 
bytes JMP 0000000077c902a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\svchost.exe[1028] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 
0000000077c90230 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text 
C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\svchost.exe[1064] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 
0000000077c90310 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\AUDIODG.EXE[1184] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 
5 bytes JMP 0000000077c90210 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\AUDIODG.EXE[1184] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\svchost.exe[1364] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 
bytes JMP 0000000077c90410 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\svchost.exe[1364] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 
00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001000702f0 .text C:\Program 
Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100070330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100070410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000100070240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100070250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100070490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100070300 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100070360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100070380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100070340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100070440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000100070260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000100070400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100070210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100070200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000100070420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100070430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text 
C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\nvvsvc.exe[1512] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 
.text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\nvvsvc.exe[1512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\System32\spoolsv.exe[1872] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 
bytes JMP 0000000077c903d0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\System32\spoolsv.exe[1872] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\System32\spoolsv.exe[1872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 
bytes JMP 0000000077c90470 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text 
C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\svchost.exe[1920] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 
0000000077c90460 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\svchost.exe[1952] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 
0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text 
C:\Windows\system32\svchost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\svchost.exe[1952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe[1036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2080] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2116] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text 
C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\taskeng.exe[2416] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 
0000000077c90400 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\Dwm.exe[2468] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text 
C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text 
C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\Dwm.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 
0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text 
C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\taskhost.exe[2476] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 
0000000100070370 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100070350 .text 
C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[2552] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[2552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[2552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Program Files\Intel\iCLS 
Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text 
C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 
0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2920] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076621465 2 bytes [62, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766214bb 2 bytes [62, 76] .text ... 
* 2 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\System32\StikyNot.exe[2232] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\System32\StikyNot.exe[2232] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 
5 bytes JMP 0000000077c90430 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\System32\StikyNot.exe[2232] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076621465 2 bytes [62, 76] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766214bb 2 bytes [62, 76] .text ... * 2 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\system32\svchost.exe[2620] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes 
JMP 0000000077c90330 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\system32\svchost.exe[2620] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Windows\system32\svchost.exe[2620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 
0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Program Files\Windows 
Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Program Files\Windows Sidebar\sidebar.exe[3196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000702d0 .text 
C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 
0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes 
JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[3556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text 
C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Windows\System32\svchost.exe[3840] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 
0000000077c90440 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Windows\System32\svchost.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe[3796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe[3796] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076621465 2 bytes [62, 76] .text C:\Users\Manikowscy\AppData\Roaming\Dropbox\bin\Dropbox.exe[3796] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000766214bb 2 bytes [62, 76] .text ... 
* 2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3136] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076621465 2 bytes [62, 76] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766214bb 2 bytes [62, 76] .text ... * 2 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4676] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076621465 2 bytes [62, 76] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766214bb 2 bytes [62, 76] .text ... * 2 .text C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe[4984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076621465 2 bytes [62, 76] .text C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766214bb 2 bytes [62, 76] .text ... 
* 2 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6008] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100070460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000100070370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100070470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100070320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100070390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100070310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100070230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100070410 .text 
C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100070250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100070490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 
bytes JMP 0000000100070260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[4212] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076621465 2 bytes [62, 76] .text 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766214bb 2 bytes [62, 76] .text ... * 2 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000703f0 .text 
C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\wuauclt.exe[3120] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 
bytes JMP 0000000100070420 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\wuauclt.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe[4332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[3580] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] ? 
C:\Windows\system32\mssprxy.dll [3580] entry point in ".rdata" section 000000006ea071e6 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0 .text 
C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 
0000000077c90210 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280 .text C:\Users\Manikowscy\Downloads\FRST64.exe[2492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007791eecd 1 byte [62] .text C:\Users\Manikowscy\Downloads\389pcm8d.exe[4596] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075afa2ba 1 byte [62] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001098e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001098c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001099614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001099a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800109986c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa800667c2c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa800667c2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa800667c2c0 Device 
\Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4 fffffa800667c2c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa800667c2c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa800667c2c0 Device \Driver\a0r72jej \Device\Scsi\a0r72jej1Port4Path0Target0Lun0 fffffa80081cf2c0 Device \Driver\a4tijujn \Device\Scsi\a4tijujn1Port5Path0Target0Lun0 fffffa80081d12c0 Device \Driver\a0r72jej \Device\Scsi\a0r72jej1 fffffa80081cf2c0 Device \Driver\a4tijujn \Device\Scsi\a4tijujn1 fffffa80081d12c0 Device \FileSystem\Ntfs \Ntfs fffffa80066802c0 Device \FileSystem\fastfat \Fat fffffa80092b22c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80081052c0 Device \Driver\cdrom \Device\CdRom0 fffffa80079fc2c0 Device \Driver\cdrom \Device\CdRom1 fffffa80079fc2c0 Device \Driver\cdrom \Device\CdRom2 fffffa80079fc2c0 Device \Driver\cdrom \Device\CdRom3 fffffa80079fc2c0 Device \Driver\dtsoftbus01 \Device\0000006b fffffa80078702c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80081052c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80078702c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D74FCC76-8F64-4828-B568-8F8272AB862D} fffffa8007a022c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80081052c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007a022c0 Device \Driver\atapi \Device\ScsiPort0 fffffa800667c2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80081052c0 Device \Driver\atapi \Device\ScsiPort1 fffffa800667c2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa800667c2c0 Device \Driver\atapi \Device\ScsiPort3 fffffa800667c2c0 Device \Driver\a0r72jej \Device\ScsiPort4 fffffa80081cf2c0 Device \Driver\a4tijujn \Device\ScsiPort5 fffffa80081d12c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800667c2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa800667c2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076ff060] fffffa80076ff060 Trace 3 CLASSPNP.SYS[fffff88000e5943f] -> nt!IofCallDriver -> 
[0xfffffa80074bf520] fffffa80074bf520 Trace 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80074c4060] fffffa80074c4060 Trace \Driver\atapi[0xfffffa800721c920] -> IRP_MJ_CREATE -> 0xfffffa800667c2c0 fffffa800667c2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\a0r72jej.SYS fffff880075b4000-fffff880075ff000 (307200 bytes) Module \SystemRoot\System32\Drivers\a4tijujn.SYS fffff880076c0000-fffff88007711000 (331776 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [3840:4740] 000007feefd39688 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6076:4196] 000007fefbc92a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6076:4008] 000007feeb504830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6076:2376] 000007fef5f15124 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6076:5732] 000007feeb489d90 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6076:5872] 000007feeb504830 ---- Services - GMER 2.1 ---- Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswRdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!! Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!! 
---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 84 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 4396462 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382010053 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382010053@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382010053@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382010053@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382010053@CreationTime 0xA6 0x90 0x3E 0xBC ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382010053@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\ashwebsv.dll.1382010053")?DeleteFile("\??\c:\program files\avast software\avast\ashwebsv.dll.sum.1382010053")? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382010053@StartBootCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382010053@StartTickCounter 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382010053@LastPackageError -1073741772 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382089281 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382089281@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382089281@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382089281@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382089281@CreationTime 0xBC 0x04 0xBD 0x34 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382089281@SetupOperations MoveFile("\??\c:\program files\avast software\avast\avastui.exe.1382089281","\??\c:\program files\avast software\avast\avastui.exe",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.sum.1382089281","\??\c:\program files\avast software\avast\avastui.exe.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382089281@StartBootCounter 5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382089281@StartTickCounter 39806 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946311 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946311@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946311@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946311@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946311@CreationTime 0xB7 0x65 0xED 0xEF ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946311@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.1383946311")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1383946311")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.sum.1383946311")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.1383946311")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.sum.1383946311")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.1383946311")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.sum.1383946311")? 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946311@StartBootCounter 32 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946311@StartTickCounter 666393 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946311@LastPackageError -1073741772 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273902 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273902@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273902@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273902@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273902@CreationTime 0x34 0x74 0x35 0x97 ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273902@SetupOperations MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.1387273902","\??\c:\program files\avast software\avast\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.sum.1387273902","\??\c:\program files\avast software\avast\setup\instup.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273902@StartBootCounter 69 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387273902@StartTickCounter 2595307 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje osłony działające w czasie rzeczywistym, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x03 0x05 0xE1 0xE1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x42 0x21 0xBF 0x0A ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x93 0x5B 0x37 0x4A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x60 0xE5 0xF8 0xF4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA5 0xCC 0x03 0x0B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0xFF 0xCC 0x41 ... Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description Avast! 
Mini-filter Driver Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? 
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 84 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 4396462 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382010053 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382010053@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382010053@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382010053@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382010053@CreationTime 0xA6 0x90 0x3E 0xBC ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382010053@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\ashwebsv.dll.1382010053")?DeleteFile("\??\c:\program files\avast software\avast\ashwebsv.dll.sum.1382010053")? 
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382010053@StartBootCounter 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382010053@StartTickCounter 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382010053@LastPackageError -1073741772 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382089281 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382089281@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382089281@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382089281@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382089281@CreationTime 0xBC 0x04 0xBD 0x34 ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382089281@SetupOperations MoveFile("\??\c:\program files\avast software\avast\avastui.exe.1382089281","\??\c:\program files\avast software\avast\avastui.exe",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.sum.1382089281","\??\c:\program files\avast software\avast\avastui.exe.sum",TRUE)? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382089281@StartBootCounter 5 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382089281@StartTickCounter 39806 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946311 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946311@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946311@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946311@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946311@CreationTime 0xB7 0x65 0xED 0xEF ... 
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946311@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.1383946311")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1383946311")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.sum.1383946311")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.1383946311")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.sum.1383946311")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.1383946311")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.sum.1383946311")? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946311@StartBootCounter 32 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946311@StartTickCounter 666393 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946311@LastPackageError -1073741772 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273902 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273902@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273902@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273902@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273902@CreationTime 0x34 0x74 0x35 0x97 ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273902@SetupOperations MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.1387273902","\??\c:\program files\avast software\avast\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.sum.1387273902","\??\c:\program files\avast software\avast\setup\instup.dll.sum",TRUE)? 
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273902@StartBootCounter 69 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387273902@StartTickCounter 2595307 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! 
Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje osłony działające w czasie rzeczywistym, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x03 0x05 0xE1 0xE1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x42 0x21 0xBF 0x0A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x93 0x5B 0x37 0x4A ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x60 0xE5 0xF8 0xF4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA5 0xCC 0x03 0x0B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0xFF 0xCC 0x41 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----