GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-09 01:16:17 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.EC2O 298,09GB Running: n5pe5cmn.exe; Driver: C:\Users\User_2\AppData\Local\Temp\pxliraoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035fa000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035fa02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000149ad0460 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000149ad0450 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000149ad0370 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000149ad0470 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 0000000149ad03e0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000149ad0320 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 0000000149ad03b0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000149ad0390 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 0000000149ad02e0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 0000000149ad02d0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000149ad0310 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 0000000149ad03c0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 0000000149ad03f0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000149ad0230 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000149ad0480 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 0000000149ad03a0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 0000000149ad02f0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000149ad0350 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000149ad0290 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 0000000149ad02b0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 0000000149ad03d0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000149ad0330 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000149ad0410 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000149ad0240 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 0000000149ad01e0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000149ad0250 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000149ad0490 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 0000000149ad04a0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000149ad0300 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000149ad0360 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 0000000149ad02a0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 0000000149ad02c0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000149ad0380 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000149ad0340 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000149ad0440 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000149ad0260 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000149ad0270 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000149ad0400 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 0000000149ad01f0 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000149ad0210 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000149ad0200 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000149ad0420 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000149ad0430 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000149ad0220 .text C:\windows\system32\csrss.exe[512] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000149ad0280 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000149ad0460 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000149ad0450 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000149ad0370 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000149ad0470 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 0000000149ad03e0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000149ad0320 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 0000000149ad03b0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000149ad0390 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 0000000149ad02e0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 0000000149ad02d0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000149ad0310 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 0000000149ad03c0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 0000000149ad03f0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000149ad0230 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000149ad0480 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 0000000149ad03a0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 0000000149ad02f0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000149ad0350 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000149ad0290 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 0000000149ad02b0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 0000000149ad03d0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000149ad0330 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000149ad0410 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000149ad0240 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 0000000149ad01e0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000149ad0250 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000149ad0490 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 0000000149ad04a0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000149ad0300 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000149ad0360 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 0000000149ad02a0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 0000000149ad02c0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000149ad0380 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000149ad0340 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000149ad0440 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000149ad0260 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000149ad0270 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000149ad0400 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 0000000149ad01f0 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000149ad0210 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000149ad0200 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000149ad0420 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000149ad0430 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000149ad0220 .text C:\windows\system32\csrss.exe[592] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000149ad0280 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\wininit.exe[600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\wininit.exe[600] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\winlogon.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\winlogon.exe[656] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\services.exe[696] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\lsass.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\svchost.exe[820] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\svchost.exe[820] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe[908] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\svchost.exe[960] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\svchost.exe[960] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\System32\svchost.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\System32\svchost.exe[536] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\svchost.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\svchost.exe[728] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files\IDT\WDM\STacSV64.exe[556] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000100040460 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000100040450 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000100040370 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000100040470 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000001000403e0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000100040320 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000001000403b0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000100040390 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000001000402e0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000001000402d0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000100040310 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000001000403c0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000001000403f0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000100040230 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000100040480 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000001000403a0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000001000402f0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000100040350 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000100040290 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000001000402b0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000001000403d0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000100040330 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000100040410 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000100040240 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000001000401e0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000100040250 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000100040490 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000001000404a0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000100040300 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000100040360 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000001000402a0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000001000402c0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000100040380 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000100040340 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000100040440 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000100040260 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000100040270 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000100040400 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000001000401f0 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000100040210 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000100040200 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000100040420 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000100040430 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000100040220 .text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000100040280 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\vcsFPService.exe[1436] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\svchost.exe[1512] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\svchost.exe[1512] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\svchost.exe[1624] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\System32\spoolsv.exe[1880] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1952] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe[1340] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files\IDT\WDM\AESTSr64.exe[1720] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1740] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1736] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[940] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\svchost.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe[2116] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2204] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe[2236] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe[2280] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe[2308] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe[2352] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\PDF Complete\pdfsvc.exe[2452] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2556] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe[2636] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2656] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\svchost.exe[2732] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2784] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2784] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006f1111a8 2 bytes [11, 6F] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2784] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006f1113a8 2 bytes [11, 6F] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2784] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006f111422 2 bytes [11, 6F] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2784] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006f111498 2 bytes [11, 6F] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2784] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 000000006ef31b41 2 bytes [F3, 6E] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2784] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 000000006ef31be8 2 bytes [F3, 6E] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2784] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 000000006ef31c20 2 bytes [F3, 6E] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2784] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 000000006ef31cd2 2 bytes [F3, 6E] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2784] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 000000006ef31cf2 2 bytes [F3, 6E] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2824] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000100060460 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000100060450 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000100060370 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000100060470 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000001000603e0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000100060320 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000001000603b0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000100060390 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000001000602e0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000001000602d0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000100060310 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000001000603c0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000001000603f0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000100060230 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000100060480 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000001000603a0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000001000602f0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000100060350 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000100060290 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000001000602b0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000001000603d0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000100060330 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000100060410 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000100060240 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000001000601e0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000100060250 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000100060490 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000001000604a0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000100060300 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000100060360 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000001000602a0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000001000602c0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000100060380 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000100060340 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000100060440 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000100060260 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000100060270 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000100060400 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000001000601f0 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000100060210 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000100060200 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000100060420 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000100060430 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000100060220 .text C:\windows\system32\taskhost.exe[3488] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000100060280 .text c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe[3504] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\Dwm.exe[3576] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[3712] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\Explorer.EXE[3720] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\Explorer.EXE[3720] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4052] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe[4164] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4308] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4316] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4328] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Windows\System32\igfxtray.exe[4348] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Windows\System32\hkcmd.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Windows\System32\igfxpers.exe[4380] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe[4456] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files\IDT\WDM\sttray64.exe[4484] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe[4516] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe[4516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a21465 2 bytes [A2, 76] .text C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe[4516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a214bb 2 bytes [A2, 76] .text ... * 2 .text C:\Users\User_2\AppData\Roaming\Spotify\spotify.exe[4620] C:\windows\SysWOW64\ntdll.dll!DbgBreakPoint 00000000773b000c 1 byte [C3] .text C:\Users\User_2\AppData\Roaming\Spotify\spotify.exe[4620] C:\windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007743f8ea 5 bytes JMP 00000001773ed5c1 .text C:\Users\User_2\AppData\Roaming\Spotify\spotify.exe[4620] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Users\User_2\AppData\Roaming\Spotify\spotify.exe[4620] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a21465 2 bytes [A2, 76] .text C:\Users\User_2\AppData\Roaming\Spotify\spotify.exe[4620] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a214bb 2 bytes [A2, 76] .text ... * 2 .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4688] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe[4892] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4984] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Users\User_2\AppData\Roaming\Dropbox\bin\Dropbox.exe[5000] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Users\User_2\AppData\Roaming\Dropbox\bin\Dropbox.exe[5000] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076a21465 2 bytes [A2, 76] .text C:\Users\User_2\AppData\Roaming\Dropbox\bin\Dropbox.exe[5000] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076a214bb 2 bytes [A2, 76] .text ... * 2 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 00000001001f0460 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 00000001001f0450 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 00000001001f0370 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 00000001001f0470 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000001001f03e0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 00000001001f0320 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000001001f03b0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 00000001001f0390 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000001001f02e0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000001001f02d0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 00000001001f0310 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000001001f03c0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000001001f03f0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 00000001001f0230 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 00000001001f0480 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000001001f03a0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000001001f02f0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 00000001001f0350 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 00000001001f0290 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000001001f02b0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000001001f03d0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 00000001001f0330 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 00000001001f0410 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 00000001001f0240 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000001001f01e0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 00000001001f0250 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 00000001001f0490 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000001001f04a0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 00000001001f0300 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 00000001001f0360 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000001001f02a0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000001001f02c0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 00000001001f0380 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 00000001001f0340 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 00000001001f0440 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 00000001001f0260 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 00000001001f0270 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 00000001001f0400 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000001001f01f0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 00000001001f0210 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 00000001001f0200 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 00000001001f0420 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 00000001001f0430 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 00000001001f0220 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 00000001001f0280 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[3384] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[4000] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\SearchIndexer.exe[916] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[436] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4208] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe[3768] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe[3768] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076a21465 2 bytes [A2, 76] .text C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe[3768] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076a214bb 2 bytes [A2, 76] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1096] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076928791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1096] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a21465 2 bytes [A2, 76] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a214bb 2 bytes [A2, 76] .text ... * 2 .text C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[4748] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000100070460 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000100070450 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000100070370 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000100070470 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000001000703e0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000100070320 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000001000703b0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000100070390 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000001000702d0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000100070310 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000001000703c0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000100070230 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000100070480 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000100070350 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000100070290 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000100070330 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000100070410 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000100070240 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000100070250 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000100070490 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000100070300 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000100070360 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000001000702a0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000001000702c0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000100070380 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000100070340 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000100070440 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000100070260 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000100070270 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000100070400 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000100070210 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000100070200 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000100070420 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000100070430 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\iPod\bin\iPodService.exe[5340] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\wbem\wmiprvse.exe[5672] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[5808] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe[6004] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000100070460 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000100070450 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000100070370 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000100070470 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000001000703e0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000100070320 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000001000703b0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000100070390 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000100070310 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000001000703c0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000100070230 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000100070480 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000001000703d0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000100070410 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000100070250 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000100070490 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000100070380 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000100070440 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000100070420 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000100070430 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\wbem\unsecapp.exe[5016] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\DllHost.exe[6432] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6688] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6688] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a21465 2 bytes [A2, 76] .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6688] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a214bb 2 bytes [A2, 76] .text ... * 2 .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6696] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a21465 2 bytes [A2, 76] .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a214bb 2 bytes [A2, 76] .text ... * 2 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6820] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6924] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6924] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a21465 2 bytes [A2, 76] .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[6924] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a214bb 2 bytes [A2, 76] .text ... * 2 .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[184] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6108] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[6364] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[6572] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[3616] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe[2100] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe[6780] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[3360] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3840] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[3644] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\igfxext.exe[7508] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\windows\system32\igfxsrvc.exe[7544] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[7940] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[7940] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a21465 2 bytes [A2, 76] .text C:\Users\User_2\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[7940] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a214bb 2 bytes [A2, 76] .text ... * 2 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077211360 5 bytes JMP 0000000077370460 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772113b0 5 bytes JMP 0000000077370450 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211510 5 bytes JMP 0000000077370370 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077211560 5 bytes JMP 0000000077370470 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077211570 5 bytes JMP 00000000773703e0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211620 5 bytes JMP 0000000077370320 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077211650 5 bytes JMP 00000000773703b0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077211670 5 bytes JMP 0000000077370390 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772116b0 5 bytes JMP 00000000773702e0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211730 5 bytes JMP 00000000773702d0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077211750 5 bytes JMP 0000000077370310 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077211790 5 bytes JMP 00000000773703c0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772117e0 5 bytes JMP 00000000773703f0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077211940 5 bytes JMP 0000000077370230 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b00 5 bytes JMP 0000000077370480 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b30 5 bytes JMP 00000000773703a0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c10 5 bytes JMP 00000000773702f0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c20 5 bytes JMP 0000000077370350 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211c80 5 bytes JMP 0000000077370290 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d10 5 bytes JMP 00000000773702b0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d30 5 bytes JMP 00000000773703d0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211d40 5 bytes JMP 0000000077370330 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211db0 5 bytes JMP 0000000077370410 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211de0 5 bytes JMP 0000000077370240 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772120a0 5 bytes JMP 00000000773701e0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077212160 5 bytes JMP 0000000077370250 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077212190 5 bytes JMP 0000000077370490 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772121a0 5 bytes JMP 00000000773704a0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772121d0 5 bytes JMP 0000000077370300 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772121e0 5 bytes JMP 0000000077370360 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077212240 5 bytes JMP 00000000773702a0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077212290 5 bytes JMP 00000000773702c0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772122c0 5 bytes JMP 0000000077370380 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772122d0 5 bytes JMP 0000000077370340 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772125c0 5 bytes JMP 0000000077370440 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772127c0 5 bytes JMP 0000000077370260 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772127d0 5 bytes JMP 0000000077370270 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772127e0 5 bytes JMP 0000000077370400 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772129a0 5 bytes JMP 00000000773701f0 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772129b0 5 bytes JMP 0000000077370210 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a20 5 bytes JMP 0000000077370200 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212a80 5 bytes JMP 0000000077370420 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212a90 5 bytes JMP 0000000077370430 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212aa0 5 bytes JMP 0000000077370220 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212b80 5 bytes JMP 0000000077370280 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\system32\kernel32.dll!SetUnhandledExceptionFilter 00000000770b9040 13 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 14 00000000770b904e 1 byte INT3 .text C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\7koinwge.default-1389984536374\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe[7432] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000770fef8d 1 byte [62] .text C:\Users\User_2\Downloads\n5pe5cmn.exe[3592] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007694a2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2432] 00000000773f3e85 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2448] 00000000773f2e65 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2592] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2596] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2600] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2604] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2608] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2612] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2616] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2620] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2624] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2628] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2900] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2904] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:2908] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3088] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3092] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3096] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3100] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3104] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3112] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3152] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3160] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3164] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3184] 00000000773f3e85 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3256] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3424] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3428] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3432] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:3536] 000000006fe929e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2396:4060] 000000006fe929e1 ---- Processes - GMER 2.1 ---- Library C:\Users\User_2\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\User_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [5000](2014-08-15 18:46:08) 00000000041c0000 Library c:\users\user_2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd3u__o.dll (*** suspicious ***) @ C:\Users\User_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [5000](2014-09-08 21:15:41) 0000000004810000 Library C:\Users\User_2\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\User_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [5000](2013-08-23 19:01:44) 00000000616d0000 Library C:\Users\User_2\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\User_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [5000] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 0000000060d40000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b4cd692 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b4cd692@0016b872101e 0x97 0xEB 0x3F 0x07 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b4cd692@78ca0475126b 0x5F 0x0C 0x1A 0xC7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b4cd692@001a75b085ab 0x9D 0x00 0xDC 0x9D ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b4cd692@a00798cf40d3 0x32 0xDF 0x89 0xDA ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b4cd692@002403cae90d 0x2B 0x25 0xFC 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b4cd692@28d1af5172ea 0xC2 0xA8 0x68 0xB7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b4cd692@847a88f0361c 0x2B 0x1F 0xED 0x20 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b4cd692@1caba7185777 0x18 0x38 0xF4 0xBC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b4cd692 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b4cd692@0016b872101e 0x97 0xEB 0x3F 0x07 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b4cd692@78ca0475126b 0x5F 0x0C 0x1A 0xC7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b4cd692@001a75b085ab 0x9D 0x00 0xDC 0x9D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b4cd692@a00798cf40d3 0x32 0xDF 0x89 0xDA ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b4cd692@002403cae90d 0x2B 0x25 0xFC 0x18 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b4cd692@28d1af5172ea 0xC2 0xA8 0x68 0xB7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b4cd692@847a88f0361c 0x2B 0x1F 0xED 0x20 ... ---- EOF - GMER 2.1 ----