I have to keep restarting laptop to get back audio and youtube
Closed
leelee-
Posts
9
Registration date
Thursday December 19, 2013
Status
Member
Last seen
December 20, 2013
-
Dec 19, 2013 at 03:38 PM
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 - Dec 29, 2013 at 04:17 PM
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 - Dec 29, 2013 at 04:17 PM
Related:
- I have to keep restarting laptop to get back audio and youtube
- How to type # in laptop - Guide
- Messenger audio downloader - Guide
- Youtube to mp3con converter - Download - Music downloads
- Youtube app download for pc - Download - Videos and news
- Gta 5 download apk laptop - Download - Action and adventure
14 responses
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Dec 20, 2013 at 02:14 AM
Dec 20, 2013 at 02:14 AM
Hello,
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista and Win 7 users, click right to ensure you execute with admin right)
The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).
4. Double click on the short cut ZHPDiag on your Destktop.
5. If you need to change the language, click on the little house, (bottom right) and change to English
6. Click on the "Configure" button.
7. Click on the Magnifying glass "diagnosis with legitimates".
8. Click on "Search"
Wait for the tool to finished (maybe a long time)
9. Close ZHPDiag.
10. To transmit the report, click on this link :
https://authentification.site
9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
10. Select the file ZHPDiag.txt.
11. Click on "upload ยป
12. Copy the URL and post it here.
Gabriel.
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista and Win 7 users, click right to ensure you execute with admin right)
The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).
4. Double click on the short cut ZHPDiag on your Destktop.
5. If you need to change the language, click on the little house, (bottom right) and change to English
6. Click on the "Configure" button.
7. Click on the Magnifying glass "diagnosis with legitimates".
8. Click on "Search"
Wait for the tool to finished (maybe a long time)
9. Close ZHPDiag.
10. To transmit the report, click on this link :
https://authentification.site
9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
10. Select the file ZHPDiag.txt.
11. Click on "upload ยป
12. Copy the URL and post it here.
Gabriel.
leelee-
Posts
9
Registration date
Thursday December 19, 2013
Status
Member
Last seen
December 20, 2013
Dec 20, 2013 at 11:47 AM
Dec 20, 2013 at 11:47 AM
I already have 4 logs from other diagnostic tools. I'lll upload them and if you don't get all the info you want, then I'll try your tool. Hope that's all right because it is a lot of info and a lot of time.
_________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:11:40 PM, on 12/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Leona\Music\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Leona\AppData\Local\DownloadTerms\temp.dat (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (file missing)
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\0e3bd2c8-9f80-4047-9433-138a166d289d.exe /check
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Leona\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Google Update] "C:\Users\Leona\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [Jenkat Alert Widget] C:\Users\Leona\AppData\Roaming\Jenkat\Jenkat Alert Widget\JenkatGA.exe /b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Users\Leona\Desktop\SASCORE64.EXE (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
_________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:11:40 PM, on 12/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Leona\Music\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Leona\AppData\Local\DownloadTerms\temp.dat (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (file missing)
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\0e3bd2c8-9f80-4047-9433-138a166d289d.exe /check
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Leona\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Google Update] "C:\Users\Leona\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [Jenkat Alert Widget] C:\Users\Leona\AppData\Roaming\Jenkat\Jenkat Alert Widget\JenkatGA.exe /b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Users\Leona\Desktop\SASCORE64.EXE (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
leelee-
Posts
9
Registration date
Thursday December 19, 2013
Status
Member
Last seen
December 20, 2013
Dec 20, 2013 at 11:54 AM
Dec 20, 2013 at 11:54 AM
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-19 16:47:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545025B9A300 rev.PB2OC60F 232.89GB
Running: k0iw07d7.exe; Driver: C:\Users\Leona\AppData\Local\Temp\ugloapog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ded000 45 bytes [69, 00, 72, 00, 64, 00, 2D, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002ded02e 17 bytes [69, 00, 61, 00, 2E, 00, 63, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 000000014a150460
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 000000014a150450
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 000000014a150370
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 000000014a150470
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 000000014a1503e0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 000000014a150320
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 000000014a1503b0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 000000014a150390
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 000000014a1502e0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 000000014a1502d0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 000000014a150310
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 000000014a1503c0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 000000014a1503f0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 000000014a150230
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 000000014a150480
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 000000014a1503a0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 000000014a1502f0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 000000014a150350
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 000000014a150290
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 000000014a1502b0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 000000014a1503d0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 000000014a150330
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 000000014a150410
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 000000014a150240
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 000000014a1501e0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 000000014a150250
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 000000014a150490
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 000000014a1504a0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 000000014a150300
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 000000014a150360
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 000000014a1502a0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 000000014a1502c0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 000000014a150380
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 000000014a150340
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 000000014a150440
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 000000014a150260
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 000000014a150270
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 000000014a150400
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 000000014a1501f0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 000000014a150210
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 000000014a150200
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 000000014a150420
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 000000014a150430
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 000000014a150220
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 000000014a150280
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\wininit.exe[436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 000000014a150460
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 000000014a150450
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 000000014a150370
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 000000014a150470
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 000000014a1503e0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 000000014a150320
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 000000014a1503b0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 000000014a150390
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 000000014a1502e0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 000000014a1502d0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 000000014a150310
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 000000014a1503c0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 000000014a1503f0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 000000014a150230
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 000000014a150480
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 000000014a1503a0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 000000014a1502f0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 000000014a150350
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 000000014a150290
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 000000014a1502b0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 000000014a1503d0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 000000014a150330
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 000000014a150410
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry
0000000077bf1de0 5 bytes JMP 000000014a150240
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 000000014a1501e0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 000000014a150250
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 000000014a150490
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 000000014a1504a0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 000000014a150300
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 000000014a150360
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 000000014a1502a0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 000000014a1502c0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 000000014a150380
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 000000014a150340
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 000000014a150440
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 000000014a150260
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 000000014a150270
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 000000014a150400
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 000000014a1501f0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 000000014a150210
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 000000014a150200
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 000000014a150420
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 000000014a150430
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 000000014a150220
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 000000014a150280
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\services.exe[524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\lsass.exe[556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread
Rootkit scan 2013-12-19 16:47:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545025B9A300 rev.PB2OC60F 232.89GB
Running: k0iw07d7.exe; Driver: C:\Users\Leona\AppData\Local\Temp\ugloapog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ded000 45 bytes [69, 00, 72, 00, 64, 00, 2D, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002ded02e 17 bytes [69, 00, 61, 00, 2E, 00, 63, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 000000014a150460
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 000000014a150450
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 000000014a150370
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 000000014a150470
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 000000014a1503e0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 000000014a150320
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 000000014a1503b0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 000000014a150390
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 000000014a1502e0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 000000014a1502d0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 000000014a150310
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 000000014a1503c0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 000000014a1503f0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 000000014a150230
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 000000014a150480
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 000000014a1503a0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 000000014a1502f0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 000000014a150350
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 000000014a150290
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 000000014a1502b0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 000000014a1503d0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 000000014a150330
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 000000014a150410
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 000000014a150240
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 000000014a1501e0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 000000014a150250
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 000000014a150490
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 000000014a1504a0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 000000014a150300
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 000000014a150360
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 000000014a1502a0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 000000014a1502c0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 000000014a150380
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 000000014a150340
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 000000014a150440
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 000000014a150260
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 000000014a150270
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 000000014a150400
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 000000014a1501f0
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 000000014a150210
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 000000014a150200
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 000000014a150420
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 000000014a150430
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 000000014a150220
.text C:\Windows\system32\csrss.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 000000014a150280
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\wininit.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\wininit.exe[436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 000000014a150460
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 000000014a150450
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 000000014a150370
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 000000014a150470
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 000000014a1503e0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 000000014a150320
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 000000014a1503b0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 000000014a150390
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 000000014a1502e0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 000000014a1502d0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 000000014a150310
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 000000014a1503c0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 000000014a1503f0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 000000014a150230
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 000000014a150480
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 000000014a1503a0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 000000014a1502f0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 000000014a150350
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 000000014a150290
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 000000014a1502b0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 000000014a1503d0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 000000014a150330
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 000000014a150410
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry
0000000077bf1de0 5 bytes JMP 000000014a150240
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 000000014a1501e0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 000000014a150250
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 000000014a150490
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 000000014a1504a0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 000000014a150300
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 000000014a150360
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 000000014a1502a0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 000000014a1502c0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 000000014a150380
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 000000014a150340
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 000000014a150440
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 000000014a150260
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 000000014a150270
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 000000014a150400
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 000000014a1501f0
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 000000014a150210
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 000000014a150200
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 000000014a150420
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 000000014a150430
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 000000014a150220
.text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 000000014a150280
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\winlogon.exe[504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\services.exe[524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\lsass.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\lsass.exe[556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\lsm.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread
leelee-
Posts
9
Registration date
Thursday December 19, 2013
Status
Member
Last seen
December 20, 2013
Dec 20, 2013 at 11:57 AM
Dec 20, 2013 at 11:57 AM
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\svchost.exe[784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\svchost.exe[872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\svchost.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\spoolsv.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\spoolsv.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\System32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\svchost.exe[784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\System32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\svchost.exe[872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\svchost.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\AUDIODG.EXE[1012] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\WLANExt.exe[1116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\spoolsv.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\spoolsv.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess
Didn't find the answer you are looking for?
Ask a question
leelee-
Posts
9
Registration date
Thursday December 19, 2013
Status
Member
Last seen
December 20, 2013
Dec 20, 2013 at 12:01 PM
Dec 20, 2013 at 12:01 PM
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\Explorer.EXE[2132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2776] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007606a2ba 1 byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\PLFSetI.exe[2508] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007606a2ba 1 byte [62]
.text C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe[3024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007606a2ba 1 byte [62]
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Program Files (x86)\WordWeb\wweb32.exe[2212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007606a2ba 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007606a2ba 1 byte [62]
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\sys
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\Explorer.EXE[2132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2776] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007606a2ba 1 byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\igfxtray.exe[2628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\hkcmd.exe[2720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\System32\igfxpers.exe[2804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\PLFSetI.exe[2508] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007606a2ba 1 byte [62]
.text C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe[3024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007606a2ba 1 byte [62]
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\igfxsrvc.exe[3068] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Program Files (x86)\WordWeb\wweb32.exe[2212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007606a2ba 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007606a2ba 1 byte [62]
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf27e0 5 bytes JMP 0000000077d50400
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf29a0 5 bytes JMP 0000000077d501f0
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf29b0 5 bytes JMP 0000000077d50210
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf2a20 5 bytes JMP 0000000077d50200
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf2a80 5 bytes JMP 0000000077d50420
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf2a90 5 bytes JMP 0000000077d50430
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf2aa0 5 bytes JMP 0000000077d50220
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf2b80 5 bytes JMP 0000000077d50280
.text C:\Windows\system32\igfxext.exe[3956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf1360 5 bytes JMP 0000000077d50460
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf13b0 5 bytes JMP 0000000077d50450
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf1510 5 bytes JMP 0000000077d50370
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf1560 5 bytes JMP 0000000077d50470
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf1570 5 bytes JMP 0000000077d503e0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf1620 5 bytes JMP 0000000077d50320
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf1650 5 bytes JMP 0000000077d503b0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf1670 5 bytes JMP 0000000077d50390
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf16b0 5 bytes JMP 0000000077d502e0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf1730 5 bytes JMP 0000000077d502d0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf1750 5 bytes JMP 0000000077d50310
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf1790 5 bytes JMP 0000000077d503c0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf17e0 5 bytes JMP 0000000077d503f0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf1940 5 bytes JMP 0000000077d50230
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf1b00 5 bytes JMP 0000000077d50480
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf1b30 5 bytes JMP 0000000077d503a0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf1c10 5 bytes JMP 0000000077d502f0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf1c20 5 bytes JMP 0000000077d50350
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf1c80 5 bytes JMP 0000000077d50290
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1d10 5 bytes JMP 0000000077d502b0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1d30 5 bytes JMP 0000000077d503d0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1d40 5 bytes JMP 0000000077d50330
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf1db0 5 bytes JMP 0000000077d50410
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf1de0 5 bytes JMP 0000000077d50240
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf20a0 5 bytes JMP 0000000077d501e0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf2160 5 bytes JMP 0000000077d50250
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf2190 5 bytes JMP 0000000077d50490
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf21a0 5 bytes JMP 0000000077d504a0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf21d0 5 bytes JMP 0000000077d50300
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf21e0 5 bytes JMP 0000000077d50360
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf2240 5 bytes JMP 0000000077d502a0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf2290 5 bytes JMP 0000000077d502c0
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf22c0 5 bytes JMP 0000000077d50380
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf22d0 5 bytes JMP 0000000077d50340
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf25c0 5 bytes JMP 0000000077d50440
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf27c0 5 bytes JMP 0000000077d50260
.text C:\Windows\system32\SearchIndexer.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf27d0 5 bytes JMP 0000000077d50270
.text C:\Windows\sys
leelee-
Posts
9
Registration date
Thursday December 19, 2013
Status
Member
Last seen
December 20, 2013
Dec 20, 2013 at 12:03 PM
Dec 20, 2013 at 12:03 PM
I use Malwarebytes to scan and avast is running. Malware picks up PUP ever so often. Can you also recommend something to get rid of programs I don't use and duplicate files?
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Dec 20, 2013 at 02:13 PM
Dec 20, 2013 at 02:13 PM
Hello,
Why a GMER report ?
Have you got MBAM's report ?
Gabriel.
Why a GMER report ?
Have you got MBAM's report ?
Gabriel.
leelee-
Posts
9
Registration date
Thursday December 19, 2013
Status
Member
Last seen
December 20, 2013
Dec 20, 2013 at 03:30 PM
Dec 20, 2013 at 03:30 PM
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.20.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Leona :: LEONA-PC [administrator]
Protection: Enabled
12/20/2013 2:19:31 PM
MBAM-log-2013-12-20 (15-28-56).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341858
Time elapsed: 1 hour(s), 8 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> No action taken.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> No action taken.
(end)
www.malwarebytes.org
Database version: v2013.12.20.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Leona :: LEONA-PC [administrator]
Protection: Enabled
12/20/2013 2:19:31 PM
MBAM-log-2013-12-20 (15-28-56).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341858
Time elapsed: 1 hour(s), 8 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> No action taken.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> No action taken.
(end)
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Dec 20, 2013 at 03:32 PM
Dec 20, 2013 at 03:32 PM
Ok, now run ZHPDiag : https://ccm.net/forum/affich-732248-i-have-to-keep-restarting-laptop-to-get-back-audio-and-youtube#1
Gabriel.
Gabriel.
leelee-
Posts
9
Registration date
Thursday December 19, 2013
Status
Member
Last seen
December 20, 2013
Dec 20, 2013 at 04:31 PM
Dec 20, 2013 at 04:31 PM
Rapport de Tests ZHPDiag v2013.12.14.22 (12/14/2013) - Variables
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
************* F O L D E R S / COMMON **********
sDirRoot ---->C:\
sDirCommonDesktop ---->C:\Users\Public\Desktop\
sDirAllUser ---->C:\Users\All Users\
sDirCommonAppdata ---->C:\ProgramData\
sDirProgramFiles ---->C:\Program Files (x86)\
sDirCommonPrograms ---->C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
sDirCommonStartup ---->C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
sDirWindows ---->C:\Windows\
sDirWindowsDPF ---->C:\Windows\Downloaded Program Files\
sDirWinTask ---->C:\Windows\Tasks\
sDirZHPDiagInstall ---->C:\Program Files (x86)\ZHPDiag\
sDirProgramFilesX86 ---->C:\Program Files (x86)\
sDirSystemFolder ---->C:\Windows\System32\
sDirSystemFolder64 ---->C:\Windows\SysWOW64\
sDirSystemDrivers ---->C:\Windows\System32\Drivers\
sDirProgramFilesCommonX86 ---->C:\Program Files (x86)\Common Files\
sDirProgramFilesCommon ---->C:\Program Files (x86)\Common Files\
************* F O L D E R S / USERNAME **********
sDirUserName ---->C:\Users\Leona\
sDirAppData ---->C:\Users\Leona\AppData\
sDirAppDataRoaming ---->C:\Users\Leona\AppData\Roaming\
sDirDesktop ---->C:\Users\Leona\Desktop\
sDirAppdataLocal ---->C:\Users\Leona\AppData\Local\
sDirAppdataLocalLow ---->C:\Users\Leona\AppData\LocalLow\
sDirAppdataLocalTemp ---->C:\Users\Leona\AppData\Local\Temp\
sDirDocuments ---->C:\Users\Leona\Documents\
sDirUserDownloads ---->C:\Users\Leona\Downloads\
sDirPictures ---->C:\Users\Leona\Pictures\
sDirVideos ---->C:\Users\Leona\Videos\
sDirMusic ---->C:\Users\Leona\Music\
sDirFavorites ---->C:\Users\Leona\Favorites\
sDirStartMenu ---->C:\Users\Leona\AppData\Roaming\Microsoft\Windows\Start Menu\
sDirStartup ---->C:\Users\Leona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
sDirSendTo ---->C:\Users\Leona\AppData\Roaming\Microsoft\Windows\SendTo\
sDirStartMenuPrograms ---->C:\Users\Leona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
sDirProfilesFirefox ---->C:\Users\Leona\AppData\Roaming\Mozilla\Firefox\Profiles\
sDirZHPDiagReport ---->C:\Users\Leona\AppData\Roaming\ZHP\
************* F I L E S **********
sFileZHPDiagReport ---->C:\Users\Leona\AppData\Roaming\ZHP\ZHPDiag.txt
sFileHosts ---->C:\Windows\System32\Drivers\etc\HOSTS
sFileHostsSave ---->C:\Users\Leona\AppData\Roaming\ZHP\HOSTS.txt
sFileZHPScanQuarantine ---->C:\Users\Leona\AppData\Roaming\ZHP\ZHPScanQuarantine.txt
sFileTarget ---->C:\Program Files (x86)\ZHPDiag\ZHPDiag2.exe
sFileScanLog ---->C:\Users\Leona\AppData\Roaming\ZHP\Log.txt
sZHPScan ---->C:\Program Files (x86)\ZHPDiag\ZHPScan.Txt
sExportBDR ---->C:\Users\Leona\AppData\Roaming\ZHP\ZHPDiagTempo.Txt
sDoc ---->C:\Documents and Settings\Leona\
sUser ---->C:\Users\Leona\
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
************* F O L D E R S / COMMON **********
sDirRoot ---->C:\
sDirCommonDesktop ---->C:\Users\Public\Desktop\
sDirAllUser ---->C:\Users\All Users\
sDirCommonAppdata ---->C:\ProgramData\
sDirProgramFiles ---->C:\Program Files (x86)\
sDirCommonPrograms ---->C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
sDirCommonStartup ---->C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
sDirWindows ---->C:\Windows\
sDirWindowsDPF ---->C:\Windows\Downloaded Program Files\
sDirWinTask ---->C:\Windows\Tasks\
sDirZHPDiagInstall ---->C:\Program Files (x86)\ZHPDiag\
sDirProgramFilesX86 ---->C:\Program Files (x86)\
sDirSystemFolder ---->C:\Windows\System32\
sDirSystemFolder64 ---->C:\Windows\SysWOW64\
sDirSystemDrivers ---->C:\Windows\System32\Drivers\
sDirProgramFilesCommonX86 ---->C:\Program Files (x86)\Common Files\
sDirProgramFilesCommon ---->C:\Program Files (x86)\Common Files\
************* F O L D E R S / USERNAME **********
sDirUserName ---->C:\Users\Leona\
sDirAppData ---->C:\Users\Leona\AppData\
sDirAppDataRoaming ---->C:\Users\Leona\AppData\Roaming\
sDirDesktop ---->C:\Users\Leona\Desktop\
sDirAppdataLocal ---->C:\Users\Leona\AppData\Local\
sDirAppdataLocalLow ---->C:\Users\Leona\AppData\LocalLow\
sDirAppdataLocalTemp ---->C:\Users\Leona\AppData\Local\Temp\
sDirDocuments ---->C:\Users\Leona\Documents\
sDirUserDownloads ---->C:\Users\Leona\Downloads\
sDirPictures ---->C:\Users\Leona\Pictures\
sDirVideos ---->C:\Users\Leona\Videos\
sDirMusic ---->C:\Users\Leona\Music\
sDirFavorites ---->C:\Users\Leona\Favorites\
sDirStartMenu ---->C:\Users\Leona\AppData\Roaming\Microsoft\Windows\Start Menu\
sDirStartup ---->C:\Users\Leona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
sDirSendTo ---->C:\Users\Leona\AppData\Roaming\Microsoft\Windows\SendTo\
sDirStartMenuPrograms ---->C:\Users\Leona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
sDirProfilesFirefox ---->C:\Users\Leona\AppData\Roaming\Mozilla\Firefox\Profiles\
sDirZHPDiagReport ---->C:\Users\Leona\AppData\Roaming\ZHP\
************* F I L E S **********
sFileZHPDiagReport ---->C:\Users\Leona\AppData\Roaming\ZHP\ZHPDiag.txt
sFileHosts ---->C:\Windows\System32\Drivers\etc\HOSTS
sFileHostsSave ---->C:\Users\Leona\AppData\Roaming\ZHP\HOSTS.txt
sFileZHPScanQuarantine ---->C:\Users\Leona\AppData\Roaming\ZHP\ZHPScanQuarantine.txt
sFileTarget ---->C:\Program Files (x86)\ZHPDiag\ZHPDiag2.exe
sFileScanLog ---->C:\Users\Leona\AppData\Roaming\ZHP\Log.txt
sZHPScan ---->C:\Program Files (x86)\ZHPDiag\ZHPScan.Txt
sExportBDR ---->C:\Users\Leona\AppData\Roaming\ZHP\ZHPDiagTempo.Txt
sDoc ---->C:\Documents and Settings\Leona\
sUser ---->C:\Users\Leona\
leelee-
Posts
9
Registration date
Thursday December 19, 2013
Status
Member
Last seen
December 20, 2013
Dec 20, 2013 at 04:52 PM
Dec 20, 2013 at 04:52 PM
Now, I probably wont see any other response until Monday. I'll be off the internet until then.
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Dec 20, 2013 at 06:24 PM
Dec 20, 2013 at 06:24 PM
This is not the good report of ZHPDiag. You have to send me ZHPDiag.txt, on your desktop.
Good evening and see you soon,
Gabriel.
Good evening and see you soon,
Gabriel.
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Dec 29, 2013 at 04:17 PM
Dec 29, 2013 at 04:17 PM
Ok, good continuation. :)
Gabriel.
Gabriel.
