Sony Laptop Freezing and going Slow
My laptop has been going very slow lately and freezing a lot. Can anyone help me try to see if it has a virus or something? It's a Sony Vaio running Windows 7 home 64 bit
Hello, SirSnoop
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems. Please take note of some guidelines for this fix:
OTL logfile created on: 6/5/2013 10:03:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.95 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.49% Memory free
15.90 Gb Paging File | 13.85 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.02 Gb Total Space | 546.60 Gb Free Space | 93.43% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 84.74 Mb Free Space | 84.75% Space Free | Partition Type: NTFS
Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/05 10:02:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
PRC - [2013/05/23 01:44:09 | 000,825,808 | ---- | M] (Google Inc.)
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2013/05/04 12:12:58 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe PRC - [2013/04/23 03:48:17 | 010,244,448 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe PRC - [2013/04/23 03:48:17 | 004,171,104 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe PRC - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013/04/23 03:40:59 | 000,193,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe PRC - [2012/01/09 00:49:06 | 000,913,429 | ---- | M] () -- C:\Users\Public\Documents\Fiverr\Backlink Speed.EXE PRC - [2011/04/17 13:38:12 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) 
-- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe PRC - [2011/04/17 11:45:14 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/04/17 11:45:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011/03/05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2011/02/15 11:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe ========== Modules (No Company Name) ========== MOD - [2013/05/23 01:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppgoo glenaclpluginchrome.dll MOD - [2013/05/23 01:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.d ll MOD - [2013/05/23 01:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libgl esv2.dll MOD - [2013/05/23 01:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libeg l.dll MOD - [2013/05/23 01:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpe gsumo.dll MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/01/09 00:49:06 | 000,913,429 | ---- | M] () -- C:\Users\Public\Documents\Fiverr\Backlink Speed.EXE ========== Services (SafeList) ========== SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | 
M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2010/12/17 14:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2010/12/17 14:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2010/12/17 14:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/05/21 11:43:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012/11/19 10:50:38 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! 
Pro VPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2011/04/17 13:38:12 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011/04/17 11:45:14 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/04/17 11:45:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/05/09 04:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013/05/09 04:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013/05/09 04:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012/12/13 16:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012/11/19 10:50:38 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/18 01:45:48 | 001,591,936 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011/04/17 13:38:34 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011/04/17 12:27:04 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011/04/17 12:16:14 | 001,388,592 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/04/17 11:45:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/12/21 09:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/08/03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 F5 AA 8C DA 27 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - 
prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox" FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.3.0 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_70 0_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_70 0_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122 .dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alan\AppData\Local\Facebook\Video\Skype\n pFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgo ogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npo1 d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgt po3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.1 45\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.1 45\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/28 19:15:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/24 22:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions [2013/04/30 00:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Prof iles\c733xhzn.default\extensions [2013/04/30 00:01:12 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Prof iles\c733xhzn.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013/05/21 23:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/05/21 23:00:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/05/28 19:15:38 | 000,000,000 | ---D | M] (avast! 
Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ }{google:originalQueryForSuggestion}{google:assist edQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instant ExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}client=chrome&q={searchTerms}&{googl e:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Peppe rFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoo gleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.d ll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - Extension: Google Docs = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.20_0\ CHR - Extension: avast! 
Online Security = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegiea cbdmki\8.0.7_0\ CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\ O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKCU..\Run: [Facebook Update] C:\Users\Alan\AppData\Local\Facebook\Update\Facebo okUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe (Spotify Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{2E010F3E-B3C9-4C67-A213-567A001C7086}: DhcpNameServer = 65.32.5.111 65.32.5.112 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{DB48E44F-C5A0-4700-8A9C-21770438DF44}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/05 10:02:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe [2013/05/29 21:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2013/05/29 21:05:37 | 001,388,592 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys [2013/05/29 21:05:37 | 000,218,920 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll [2013/05/29 21:05:37 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll [2013/05/29 21:05:37 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll [2013/05/29 21:05:36 | 000,271,144 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll [2013/05/29 21:05:36 | 000,214,312 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll [2013/05/29 21:05:35 | 000,400,168 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll [2013/05/29 21:05:35 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll [2013/05/29 20:58:48 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\ElevatedDiagnostics [2013/05/23 22:19:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013/05/23 20:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine 
Advantage [2013/05/23 10:29:41 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2013/05/21 11:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/05/21 11:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013/05/21 11:40:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013/05/19 20:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/05/19 20:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/05/19 20:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/05/19 20:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/05/19 20:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/05/16 11:32:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013/05/13 15:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013/05/12 16:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2013/05/12 16:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2013/05/12 16:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2013/05/12 13:10:19 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Facebook [2013/05/12 13:07:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Skype [2013/05/12 13:07:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013/05/12 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/05/12 13:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/05/12 13:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype ========== Files - Modified Within 30 Days ========== [2013/06/05 10:02:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe [2013/06/05 09:57:47 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
[2013/06/05 09:57:47 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/05 09:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/06/05 09:37:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/06/05 09:31:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000UA.job [2013/06/05 09:18:19 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/06/05 08:08:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/05 08:08:12 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys [2013/06/05 07:17:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000UA.job [2013/06/04 22:29:09 | 000,795,068 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/06/04 22:29:09 | 000,661,900 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/06/04 22:29:09 | 000,121,736 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/06/04 22:28:28 | 000,770,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/06/04 21:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000Core.job [2013/06/04 20:51:21 | 760,858,927 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/06/04 13:15:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000Core.job [2013/05/29 19:05:13 | 000,306,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/29 08:03:37 | 000,000,608 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130529_080334.reg [2013/05/29 08:03:27 | 000,000,082 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130529_080325.reg [2013/05/28 19:15:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt 
[2013/05/25 09:33:10 | 000,000,024 | ---- | M] () -- C:\Windows\Backlink Speed.INI [2013/05/24 18:38:27 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/05/23 23:19:45 | 000,003,696 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130523_231943.reg [2013/05/21 23:00:18 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/05/21 15:58:58 | 027,304,187 | ---- | M] () -- C:\Users\Alan\AppData\Local\census.cache [2013/05/21 15:36:39 | 000,145,808 | ---- | M] () -- C:\Users\Alan\AppData\Local\ars.cache [2013/05/21 13:23:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\igdumd32.dll [2013/05/21 13:23:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\CRTDLL.dll [2013/05/21 13:14:39 | 000,000,036 | ---- | M] () -- C:\Users\Alan\AppData\Local\housecall.guid.cache [2013/05/21 11:03:48 | 000,003,594 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130521_110345.reg [2013/05/19 20:16:57 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/05/17 10:02:28 | 000,008,192 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130517_100226.reg [2013/05/13 06:55:16 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/05/12 13:07:48 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/05/12 10:13:00 | 000,010,696 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130512_101257.reg [2013/05/12 10:11:46 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/05/09 04:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013/05/09 04:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013/05/09 04:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () -- 
C:\Windows\SysNative\drivers\aswRvrt.sys [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013/05/09 04:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013/05/09 04:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe ========== Files Created - No Company Name ========== [2013/06/04 22:28:28 | 000,770,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/06/04 20:51:21 | 760,858,927 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013/05/29 19:04:46 | 000,306,928 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/29 08:03:36 | 000,000,608 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130529_080334.reg [2013/05/29 08:03:27 | 000,000,082 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130529_080325.reg [2013/05/23 23:19:44 | 000,003,696 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130523_231943.reg [2013/05/21 15:58:58 | 027,304,187 | ---- | C] () -- C:\Users\Alan\AppData\Local\census.cache [2013/05/21 15:36:39 | 000,145,808 | ---- | C] () -- C:\Users\Alan\AppData\Local\ars.cache [2013/05/21 13:23:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\igdumd32.dll [2013/05/21 13:23:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\CRTDLL.dll [2013/05/21 13:14:39 | 000,000,036 | ---- | C] () -- C:\Users\Alan\AppData\Local\housecall.guid.cache [2013/05/21 11:03:46 | 000,003,594 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130521_110345.reg [2013/05/19 20:16:57 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/05/17 10:02:27 | 000,008,192 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130517_100226.reg [2013/05/12 13:10:20 | 000,000,924 | ---- | C] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000UA.job [2013/05/12 13:10:20 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000Core.job [2013/05/12 13:07:48 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013/05/12 10:12:59 | 000,010,696 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130512_101257.reg [2013/05/09 18:15:37 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000UA.job [2013/05/09 18:15:36 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000Core.job [2013/03/14 21:54:32 | 000,000,024 | ---- | C] () -- C:\Windows\Backlink Speed.INI [2013/03/14 12:39:55 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2013/03/14 12:39:54 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2013/03/14 12:39:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012/12/14 02:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/12/14 02:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls 
id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/03/15 17:40:45 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\IBP [2013/04/03 22:28:17 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Samsung [2013/05/11 14:09:26 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Spotify [2013/06/03 14:40:34 | 000,000,000 | ---D | M] --
C:\Users\Alan\AppData\Roaming\TeamViewer ========== Purity Check ========== < End of report > |
OTL Extras logfile created on: 6/5/2013 10:03:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.95 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.49% Memory free 15.90 Gb Paging File | 13.85 Gb Available in Paging File | 87.11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 585.02 Gb Total Space | 546.60 Gb Free Space | 93.43% Space Free | Partition Type: NTFS Drive D: | 100.00 Mb Total Space | 84.74 Mb Free Space | 84.75% Space Free | Partition Type: NTFS Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C816934-4205-4992-8186-107F20124ADD}" = rport=137 | protocol=17 | dir=out | app=system | "{0C9B2798-4EDA-4D8D-8BA1-6370D5AADB85}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0DB6D6C1-ABEE-491C-8727-C5730536C002}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{20F0CE1F-8848-4E11-B13C-FE394C56FCB4}" = lport=138 | protocol=17 |
dir=in | app=system | "{26BF0E16-0ECE-4BBE-8850-7DF533E1D33B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2FA098BA-89C9-4B00-B595-E87C7DAC1F0C}" = rport=445 | protocol=6 | dir=out | app=system | "{4BB30F2D-263C-4349-8007-05934BA0A721}" = lport=445 | protocol=6 | dir=in | app=system | "{4DE65BE9-0F24-48E4-8DD8-68AF8E5B7191}" = lport=2869 | protocol=6 | dir=in | app=system | "{515165CB-1BED-4906-9296-3D10E65AE9EB}" = rport=138 | protocol=17 | dir=out | app=system | "{5C26902F-456F-430F-B1CD-24CF1F91BF5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{611EC525-A703-43C5-A109-73BFF7118AA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{7909DE43-7ADE-4CCD-B0AA-B78057258805}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A4E905FF-492B-4DF5-9623-A13A9D1AE863}" = lport=137 | protocol=17 | dir=in | app=system | "{AB4E3432-4AB6-4E3E-A3A9-C084BC6785BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AF492BA3-B261-4E80-BBAE-BF82455D1CFE}" = lport=139 | protocol=6 | dir=in | app=system | "{B19688D2-DD0E-420C-92AA-D9C9649C9C30}" = rport=139 | protocol=6 | dir=out | app=system | "{C6D0DA57-D639-4CF0-93BC-5860D611E17D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DE177533-C0CB-4D38-872A-9E5ED36CCB39}" = rport=10243 | protocol=6 | dir=out | app=system | "{E3AD8AFE-9550-4618-810B-A2A2B3B72165}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EAD5984A-1DD3-4E38-93A9-6BE5D9A58CA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F5DEBCD4-731A-4428-89B2-DDAA9D7E4071}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F71487AC-5D4E-45BE-9E31-5D4A00E9F3CC}" = 
lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0513AD2E-B210-4D1C-925D-05C5B1A8C8C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{08487676-4640-42AC-8CF6-0455490AA443}" = protocol=17 | dir=in | app=c:\users\alan\appdata\roaming\spotify\spotify.exe | "{1277C5F2-9389-4522-A09C-BF1BD69DE57C}" = dir=in | app=c:\users\alan\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{220E6A62-D52D-4DCC-AEA7-B22DB7013615}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{32E8BF64-F436-4751-8F0F-9AD854C7FBAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{33D3A882-15B1-40AF-A56E-A8CEF8DF0EFF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{34741D98-6F18-43CA-9121-B14D2ECD9379}" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\spotify\spotify.exe | "{36429F05-52B6-4C68-9629-8E28BF829564}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3AE52969-CDD8-4308-A039-3B973FED1AAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3DCFED61-A150-433B-9A69-6983DA08A960}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3E28FD0D-14F3-4466-BFE6-D5D855007064}" = protocol=17 | dir=in | app=c:\users\alan\appdata\local\google\google talk plugin\googletalkplugin.exe | "{42619A45-10A6-436D-98C1-A446EC12360B}" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\spotify\spotify.exe |
"{4B227E8E-2C3B-4654-89BB-BB78481FF60F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{63981D31-B187-4C25-9322-8B116D21552B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{63FB433C-A423-44B0-A1FE-62FCAF4BD08D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{6479A286-032F-4FF4-AFC9-159F73AA1CD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6BCB7067-B7D0-4E8F-8274-C0B127D4D71A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{72DCF63E-8AE7-4AE0-AD24-580A57D62D60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{74E35363-3205-40CB-92C1-27D786C148A1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{75C3851E-F5AC-413A-9337-795DDF6D7939}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{7AA13238-4A68-4EAE-A76D-1BBFF7A20586}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{826992D9-2520-4E08-9219-2C716E6573B2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{8D7A91BF-7C76-4217-96CD-0506C1E63833}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{913DE6A2-6BA0-48EC-83D4-24A169E4032C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{94B38D21-B646-4625-BFDE-E3A6D0438AFE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{94F92F06-79F0-44B0-A4B3-00E4D67DB276}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A01EC770-DCF3-4A9C-8D8B-69FDA169A540}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{A2DE5DF9-0066-4956-9BB4-3E050527BAA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A4BD904F-2904-4A46-B4C0-54C1E608415D}" = protocol=17 | dir=in
| app=c:\users\alan\appdata\roaming\spotify\spotify.exe | "{A7643E1E-F707-42B6-9078-13897DFE3B64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A8DF026A-4E25-45B2-83C1-8ECC0606CA48}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A906998E-0DB0-4161-85CA-ABD59E46E711}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AB3952BB-A75F-48C1-B9E7-399BE37206D2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{AB656C5D-913B-4BB1-A161-F78B81BE36CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B1225E7E-C52E-4888-AEC4-97C673639CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{B3BD38D9-F510-4439-9AAA-E723A45C8AE8}" = protocol=6 | dir=out | app=system | "{B85251C6-D04D-47A9-88BF-67232C17A7E9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{B999EA4F-68C2-49CB-99FB-8254E6988E44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C35CDF42-581B-41F9-BB8E-F8D5E4236BB0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C3D8D936-5B1C-4A46-9381-580775451FC0}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{D7A6014C-DBF1-463B-B9E3-CC6AA5886F93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E3C17ADB-E8DA-4E87-8A2A-100DBB7B743E}" = protocol=6 | dir=in | app=c:\users\alan\appdata\local\google\google talk plugin\googletalkplugin.exe | "{EC895452-442D-4119-AA4B-46430C7435A2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{EE866F53-54EB-46B0-B1FE-1FA9067F06B8}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64 "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin "{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FBC0353C-CAFA-4648-91BC-9299774A80E8}" = Mp3 Song Plays Increaser "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FE8974B4-479C-4DBA-8544-9E5342ABB26A}" = Keyboard Shortcuts "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "avast" = avast! Free Antivirus "Google Chrome" = Google Chrome "HMA! Pro VPN" = HMA! 
Pro VPN 2.7.1.7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Revo Uninstaller" = Revo Uninstaller 1.94 "STANDARDR" = Microsoft Office Standard 2007 "TeamViewer 8" = TeamViewer 8 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/5/2013 7:07:52 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 27561243 Error - 6/5/2013 7:07:53 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/5/2013 7:07:53 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 27562257 Error - 6/5/2013 7:07:53 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 27562257 Error - 6/5/2013 7:07:54 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/5/2013 7:07:54 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 27563442 Error - 6/5/2013 7:07:54 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 27563442 Error - 6/5/2013 7:56:04 AM | Computer Name = Alan-PC | Source = WinMgmt | ID = 10 Description = Error - 6/5/2013 8:07:18 AM | Computer Name = Alan-PC | Source = WinMgmt | ID = 10 Description = Error - 6/5/2013 8:08:59 AM | Computer Name = Alan-PC | Source = WinMgmt | ID = 10 Description = [
System Events ] Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. < End of report > |
Quote:
Please download GMER from one of the following locations and save it to your desktop:
|
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-05 21:03:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK6465GSXN rev.GB001H 596.17GB
Running: o038jgxc.exe; Driver: C:\Users\Alan\AppData\Local\Temp\kxldrpog.sys
---- User code sections - GMER 2.1 ----
|
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte 
JMP 0000000076fb0250 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\lsass.exe[584] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 00000001000702e0 .text 
C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0xffffffff8921e890} .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000100070330 .text 
C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0xffffffff8921e590} .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0xffffffff8921e090} .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 00000001000704b0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000100070450 .text 
C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 
bytes JMP 0000000076fb03e0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\svchost.exe[688] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 
0000000076fb0360 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\svchost.exe[688] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\svchost.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text 
C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 
0000000076e52100 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\svchost.exe[784] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 |
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 
|
0000000076fb0300 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\WLANExt.exe[1180] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 
0000000076fb0310 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 .text C:\Windows\System32\spoolsv.exe[1412] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 
0000000076fb0270 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280 .text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0 .text C:\Windows\system32\svchost.exe[1456] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 
bytes JMP 0000000076fb0350 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\svchost.exe[1456] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 
0000000076fb0280 .text C:\Windows\system32\svchost.exe[1456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1560] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text C:\Program 
Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 
0000000076fb0380 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400 |
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220 .text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 
|
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001002619f4 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 
0000000076fb0220 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4 .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c .text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 
0000000076fffc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 0000000100250a08 .text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac .text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc .text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284 .text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c 
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4 .text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4 .text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c .text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14 .text C:\Windows\System32\svchost.exe[1436] C:\Windows\system32\USER32.dll!UnhookWinEvent 0000000076be8550 5 bytes JMP 00000001002e075c .text C:\Windows\System32\svchost.exe[1436] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 0000000076bed440 5 bytes JMP 00000001002e1284 .text C:\Windows\System32\svchost.exe[1436] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076bef874 5 bytes JMP 00000001002e0ecc .text C:\Windows\System32\svchost.exe[1436] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000076bf4d4c 5 bytes JMP 00000001002e03a4 .text C:\Windows\System32\svchost.exe[1436] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076c08c20 5 bytes JMP 00000001002e0b14 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010039075c .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001003903a4 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100390b14 .text C:\Windows\system32\taskhost.exe[3300] 
C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100390ecc .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010039163c .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100391284 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 
0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250 .text 
C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001003919f4 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Windows\system32\taskhost.exe[3300] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4 .text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c .text C:\Windows\system32\taskhost.exe[3300] 
C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010030075c .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001003003a4 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100300b14 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100300ecc .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010030163c .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text 
C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100301284 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 
0000000076fb0330 .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 |
C:\Windows\Explorer.EXE[3972] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62] .text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac .text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc .text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284 .text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c .text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4 .text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4 .text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c .text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010047075c .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001004703a4 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100470b14 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes 
JMP 0000000100470ecc .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010047163c .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100471284 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text 
C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250 .text C:\Windows\System32\igfxpers.exe[2980] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001004719f4 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 
0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4 .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c .text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 
000007ff7e5c0b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010032075c .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001003203a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100320b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100320ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010032163c .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100321284 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Program Files\Common 
Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090} .text 
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 
5 bytes JMP 00000001003219f4 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) 
Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 00000001000a1014 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 00000001000a0804 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 00000001000a0a08 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 00000001000a0c0c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 00000001000a0e10 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001000a01f8 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001000a03fc .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 00000001000a0600 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller 
Service\ICCProxy.exe[3684] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001000b01f8 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001000b03fc |
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 00000001000b0804
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 00000001000b0600 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 00000001000b0a08 .text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010044075c .text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001004403a4 .text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100440b14 .text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100440ecc .text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010044163c .text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100441284 .text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001004419f4 .text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62] .text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac .text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc .text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284 .text C:\Windows\System32\igfxtray.exe[2932] 
|
Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240 .text 
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Program 
Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001002419f4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes 
JMP 000007ff7e5c163c .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc .text 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001002601f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001002603fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] 
C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 0000000100260804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 0000000100260600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 0000000100260a08 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100060600 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100060804 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100060c0c .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100060a08 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100060e10 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000601f8 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000603fc .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 00000001000d1014 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 00000001000d0804 .text C:\Program 
Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 00000001000d0a08 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 00000001000d0c0c .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 00000001000d0e10 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001000d01f8 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001000d03fc .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 00000001000d0600 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001001901f8 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001001903fc .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 0000000100190804 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 0000000100190600 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 0000000100190a08 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 
0000000100030804 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62] .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 0000000100151014 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 0000000100150804 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 0000000100150a08 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 0000000100150c0c .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 0000000100150e10 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001001501f8 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] 
C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001001503fc .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 0000000100150600 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001001601f8 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001001603fc .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 0000000100160804 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 0000000100160600 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 0000000100160a08 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010012075c .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001001203a4 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100120b14 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100120ecc .text C:\Program Files\iPod\bin\iPodService.exe[4516] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010012163c .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100121284 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 
0000000076fb0230 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590} .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090} .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 
00000001001219f4 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0 .text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210 |