
Untitled

a guest
Aug 27th, 2013
  1. GMER 2.1.19163 - http://www.gmer.net
  2. Rootkit scan 2013-08-27 19:16:58
  3. Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM005_HD103SJ rev.1AJ100E5 931.51GB
  4. Running: lcxouxr3.exe; Driver: C:\Users\Chris\AppData\Local\Temp\fwloqpod.sys
  5.  
  6.  
  7. ---- Kernel code sections - GMER 2.1 ----
  8.  
  9. INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800031ba000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
  10. INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff800031ba02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
  11. .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff880043add64 12 bytes {MOV RAX, 0xfffffa80081892a0; JMP RAX}
  12.  
  13. ---- User code sections - GMER 2.1 ----
  14.  
  15. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000149840460
  16. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000149840450
  17. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000149840370
  18. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000149840470
  19. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001498403e0
  20. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000149840320
  21. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000001498403b0
  22. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000149840390
  23. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000001498402e0
  24. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000001498402d0
  25. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000149840310
  26. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000001498403c0
  27. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000001498403f0
  28. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000149840230
  29. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000149840480
  30. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000001498403a0
  31. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000001498402f0
  32. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000149840350
  33. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000149840290
  34. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000001498402b0
  35. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000001498403d0
  36. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000149840330
  37. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000149840410
  38. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000149840240
  39. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000001498401e0
  40. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000149840250
  41. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000149840490
  42. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000001498404a0
  43. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000149840300
  44. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000149840360
  45. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000001498402a0
  46. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000001498402c0
  47. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000149840380
  48. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000149840340
  49. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000149840440
  50. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000149840260
  51. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000149840270
  52. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000149840400
  53. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000001498401f0
  54. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000149840210
  55. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000149840200
  56. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000149840420
  57. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000149840430
  58. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000149840220
  59. .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000149840280
  60. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000149840460
  61. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000149840450
  62. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000149840370
  63. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000149840470
  64. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001498403e0
  65. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000149840320
  66. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000001498403b0
  67. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000149840390
  68. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000001498402e0
  69. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000001498402d0
  70. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000149840310
  71. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000001498403c0
  72. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000001498403f0
  73. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000149840230
  74. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000149840480
  75. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000001498403a0
  76. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000001498402f0
  77. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000149840350
  78. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000149840290
  79. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000001498402b0
  80. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000001498403d0
  81. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000149840330
  82. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000149840410
  83. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000149840240
  84. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000001498401e0
  85. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000149840250
  86. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000149840490
  87. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000001498404a0
  88. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000149840300
  89. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000149840360
  90. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000001498402a0
  91. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000001498402c0
  92. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000149840380
  93. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000149840340
  94. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000149840440
  95. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000149840260
  96. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000149840270
  97. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000149840400
  98. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000001498401f0
  99. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000149840210
  100. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000149840200
  101. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000149840420
  102. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000149840430
  103. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000149840220
  104. .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000149840280
  105. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 000000014a0c0460
  106. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 000000014a0c0450
  107. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 000000014a0c0370
  108. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 000000014a0c0470
  109. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000014a0c03e0
  110. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 000000014a0c0320
  111. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 000000014a0c03b0
  112. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 000000014a0c0390
  113. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 000000014a0c02e0
  114. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 000000014a0c02d0
  115. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 000000014a0c0310
  116. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 000000014a0c03c0
  117. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 000000014a0c03f0
  118. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 000000014a0c0230
  119. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 000000014a0c0480
  120. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 000000014a0c03a0
  121. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 000000014a0c02f0
  122. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 000000014a0c0350
  123. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 000000014a0c0290
  124. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 000000014a0c02b0
  125. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 000000014a0c03d0
  126. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 000000014a0c0330
  127. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 000000014a0c0410
  128. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 000000014a0c0240
  129. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 000000014a0c01e0
  130. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 000000014a0c0250
  131. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 000000014a0c0490
  132. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 000000014a0c04a0
  133. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 000000014a0c0300
  134. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 000000014a0c0360
  135. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 000000014a0c02a0
  136. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 000000014a0c02c0
  137. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 000000014a0c0380
  138. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 000000014a0c0340
  139. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 000000014a0c0440
  140. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 000000014a0c0260
  141. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 000000014a0c0270
  142. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 000000014a0c0400
  143. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 000000014a0c01f0
  144. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 000000014a0c0210
  145. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 000000014a0c0200
  146. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 000000014a0c0420
  147. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 000000014a0c0430
  148. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 000000014a0c0220
  149. .text C:\Windows\system32\psxss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 000000014a0c0280
  150. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  151. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  152. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  153. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  154. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  155. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  156. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  157. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  158. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  159. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  160. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  161. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  162. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  163. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  164. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  165. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  166. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  167. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  168. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  169. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  170. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  171. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  172. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  173. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  174. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  175. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  176. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  177. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  178. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  179. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  180. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  181. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  182. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  183. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  184. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  185. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  186. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  187. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  188. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  189. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  190. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  191. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  192. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  193. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  194. .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  195. .text C:\Windows\system32\wininit.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  196. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  197. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  198. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  199. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  200. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  201. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  202. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  203. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  204. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  205. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  206. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  207. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  208. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  209. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  210. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  211. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  212. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  213. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  214. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  215. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  216. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  217. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  218. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  219. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  220. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  221. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  222. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  223. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  224. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  225. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  226. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  227. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  228. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  229. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  230. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  231. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  232. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  233. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  234. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  235. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  236. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  237. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  238. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  239. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  240. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  241. .text C:\Windows\system32\winlogon.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  242. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  243. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  244. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  245. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  246. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  247. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  248. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  249. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  250. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  251. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  252. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  253. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  254. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  255. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  256. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  257. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  258. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  259. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  260. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  261. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  262. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  263. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  264. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  265. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  266. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  267. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  268. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  269. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  270. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  271. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  272. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  273. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  274. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  275. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  276. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  277. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  278. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  279. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  280. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  281. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  282. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  283. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  284. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  285. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  286. .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  287. .text C:\Windows\system32\services.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  288. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  289. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  290. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  291. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  292. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  293. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  294. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  295. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  296. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  297. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  298. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  299. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  300. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  301. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  302. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  303. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  304. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  305. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  306. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  307. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  308. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  309. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  310. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  311. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  312. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  313. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  314. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  315. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  316. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  317. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  318. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  319. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  320. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  321. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  322. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  323. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  324. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  325. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  326. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  327. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  328. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  329. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  330. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  331. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  332. .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  333. .text C:\Windows\system32\lsass.exe[704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  334. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  335. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  336. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  337. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  338. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  339. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  340. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  341. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  342. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  343. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  344. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  345. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  346. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  347. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  348. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  349. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  350. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  351. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  352. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  353. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  354. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  355. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  356. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  357. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  358. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  359. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  360. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  361. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  362. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  363. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  364. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  365. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  366. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  367. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  368. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  369. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  370. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  371. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  372. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  373. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  374. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  375. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  376. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  377. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  378. .text C:\Windows\system32\lsm.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  379. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  380. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  381. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  382. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  383. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  384. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  385. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  386. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  387. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  388. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  389. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  390. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  391. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  392. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  393. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  394. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  395. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  396. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  397. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  398. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  399. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  400. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  401. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  402. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  403. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  404. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  405. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  406. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  407. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  408. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  409. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  410. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  411. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  412. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  413. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  414. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  415. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  416. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  417. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  418. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  419. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  420. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  421. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  422. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  423. .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  424. .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  425. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  426. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  427. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  428. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  429. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  430. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  431. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  432. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  433. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  434. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  435. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  436. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  437. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  438. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  439. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  440. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  441. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  442. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  443. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  444. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  445. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  446. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  447. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  448. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  449. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  450. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  451. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  452. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  453. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  454. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  455. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  456. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  457. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  458. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  459. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  460. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  461. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  462. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  463. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  464. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  465. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  466. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  467. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  468. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  469. .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  470. .text C:\Windows\system32\svchost.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  471. .text C:\Windows\system32\atiesrxx.exe[980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  472. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000100070460
  473. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000100070450
  474. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000100070370
  475. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000100070470
  476. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001000703e0
  477. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000100070320
  478. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000001000703b0
  479. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000100070390
  480. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000001000702e0
  481. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000001000702d0
  482. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000100070310
  483. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000001000703c0
  484. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000001000703f0
  485. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000100070230
  486. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000100070480
  487. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000001000703a0
  488. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000001000702f0
  489. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000100070350
  490. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000100070290
  491. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000001000702b0
  492. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000001000703d0
  493. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000100070330
  494. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000100070410
  495. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000100070240
  496. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000001000701e0
  497. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000100070250
  498. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000100070490
  499. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000001000704a0
  500. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000100070300
  501. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000100070360
  502. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000001000702a0
  503. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000001000702c0
  504. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000100070380
  505. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000100070340
  506. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000100070440
  507. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000100070260
  508. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000100070270
  509. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000100070400
  510. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000001000701f0
  511. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000100070210
  512. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000100070200
  513. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000100070420
  514. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000100070430
  515. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000100070220
  516. .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000100070280
  517. .text C:\Windows\System32\svchost.exe[116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  518. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000100070460
  519. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000100070450
  520. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000100070370
  521. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000100070470
  522. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001000703e0
  523. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000100070320
  524. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000001000703b0
  525. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000100070390
  526. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000001000702e0
  527. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000001000702d0
  528. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000100070310
  529. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000001000703c0
  530. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000001000703f0
  531. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000100070230
  532. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000100070480
  533. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000001000703a0
  534. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000001000702f0
  535. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000100070350
  536. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000100070290
  537. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000001000702b0
  538. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000001000703d0
  539. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000100070330
  540. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000100070410
  541. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000100070240
  542. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000001000701e0
  543. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000100070250
  544. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000100070490
  545. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000001000704a0
  546. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000100070300
  547. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000100070360
  548. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000001000702a0
  549. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000001000702c0
  550. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000100070380
  551. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000100070340
  552. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000100070440
  553. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000100070260
  554. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000100070270
  555. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000100070400
  556. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000001000701f0
  557. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000100070210
  558. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000100070200
  559. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000100070420
  560. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000100070430
  561. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000100070220
  562. .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000100070280
  563. .text C:\Windows\System32\svchost.exe[396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  564. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000100070460
  565. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000100070450
  566. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000100070370
  567. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000100070470
  568. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001000703e0
  569. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000100070320
  570. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000001000703b0
  571. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000100070390
  572. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000001000702e0
  573. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000001000702d0
  574. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000100070310
  575. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000001000703c0
  576. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000001000703f0
  577. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000100070230
  578. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000100070480
  579. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000001000703a0
  580. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000001000702f0
  581. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000100070350
  582. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000100070290
  583. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000001000702b0
  584. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000001000703d0
  585. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000100070330
  586. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000100070410
  587. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000100070240
  588. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000001000701e0
  589. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000100070250
  590. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000100070490
  591. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000001000704a0
  592. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000100070300
  593. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000100070360
  594. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000001000702a0
  595. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000001000702c0
  596. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000100070380
  597. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000100070340
  598. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000100070440
  599. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000100070260
  600. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000100070270
  601. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000100070400
  602. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000001000701f0
  603. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000100070210
  604. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000100070200
  605. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000100070420
  606. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000100070430
  607. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000100070220
  608. .text C:\Windows\system32\svchost.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000100070280
  609. .text C:\Windows\system32\svchost.exe[432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  610. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  611. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  612. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  613. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  614. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  615. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  616. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  617. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  618. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  619. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  620. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  621. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  622. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  623. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  624. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  625. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  626. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  627. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  628. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  629. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  630. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  631. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  632. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  633. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  634. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  635. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  636. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  637. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  638. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  639. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  640. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  641. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  642. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  643. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  644. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  645. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  646. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  647. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  648. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  649. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  650. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  651. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  652. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  653. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  654. .text C:\Windows\system32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  655. .text C:\Windows\system32\svchost.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  656. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  657. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  658. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  659. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  660. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  661. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  662. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  663. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  664. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  665. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  666. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  667. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  668. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  669. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  670. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  671. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  672. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  673. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  674. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  675. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  676. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  677. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  678. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  679. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  680. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  681. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  682. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  683. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  684. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  685. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  686. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  687. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  688. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  689. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  690. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  691. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  692. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  693. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  694. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  695. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  696. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  697. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  698. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  699. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  700. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  701. .text C:\Windows\system32\AUDIODG.EXE[1080] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  702. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  703. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  704. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  705. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  706. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  707. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  708. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  709. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  710. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  711. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  712. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  713. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  714. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  715. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  716. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  717. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  718. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  719. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  720. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  721. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  722. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  723. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  724. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  725. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  726. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  727. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  728. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  729. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  730. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  731. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  732. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  733. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  734. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  735. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  736. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  737. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  738. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  739. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  740. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  741. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  742. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  743. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  744. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  745. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  746. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  747. .text C:\Windows\system32\svchost.exe[1292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  748. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  749. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  750. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  751. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  752. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  753. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  754. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  755. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  756. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  757. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  758. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  759. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  760. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  761. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  762. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  763. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  764. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  765. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  766. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  767. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  768. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  769. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  770. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  771. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  772. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  773. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  774. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  775. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  776. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  777. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  778. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  779. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  780. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  781. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  782. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  783. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  784. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  785. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  786. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  787. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  788. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  789. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  790. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  791. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  792. .text C:\Windows\system32\atieclxx.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  793. .text C:\Windows\System32\spoolsv.exe[1968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  794. .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1640] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  795. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  796. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  797. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  798. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  799. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  800. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  801. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  802. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  803. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  804. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  805. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  806. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  807. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  808. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  809. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  810. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  811. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  812. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  813. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  814. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  815. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  816. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  817. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  818. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  819. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  820. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  821. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  822. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  823. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  824. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  825. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  826. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  827. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  828. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  829. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  830. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  831. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  832. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  833. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  834. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  835. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  836. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  837. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  838. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  839. .text C:\Program Files\Bonjour\mDNSResponder.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  840. .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  841. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  842. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  843. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  844. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  845. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000000771503e0
  846. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  847. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  848. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  849. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  850. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  851. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  852. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  853. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  854. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  855. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  856. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  857. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  858. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  859. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  860. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  861. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  862. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  863. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  864. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  865. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  866. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  867. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  868. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  869. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  870. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  871. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  872. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  873. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  874. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  875. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  876. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  877. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  878. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000077150400
  879. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  880. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  881. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  882. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  883. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  884. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  885. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  886. .text C:\Program Files\Droid Explorer\DroidExplorer.Service.exe[1720] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  887. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
  888. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
  889. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
  890. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
  891. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
  892. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
  893. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
  894. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  895. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075515181 5 bytes JMP 00000001000f1014
  896. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075515254 5 bytes JMP 00000001000f0804
  897. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000755153d5 5 bytes JMP 00000001000f0a08
  898. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000755154c2 5 bytes JMP 00000001000f0c0c
  899. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000755155e2 5 bytes JMP 00000001000f0e10
  900. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007551567c 5 bytes JMP 00000001000f01f8
  901. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007551589f 5 bytes JMP 00000001000f03fc
  902. .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2320] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075515a22 5 bytes JMP 00000001000f0600
  903. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
  904. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
  905. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
  906. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
  907. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
  908. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
  909. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
  910. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  911. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076aaee09 5 bytes JMP 00000001002301f8
  912. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ab3982 5 bytes JMP 00000001002303fc
  913. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ab7603 5 bytes JMP 0000000100230804
  914. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ab835c 5 bytes JMP 0000000100230600
  915. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076acf52b 5 bytes JMP 0000000100230a08
  916. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075515181 5 bytes JMP 0000000100241014
  917. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075515254 5 bytes JMP 0000000100240804
  918. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000755153d5 5 bytes JMP 0000000100240a08
  919. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000755154c2 5 bytes JMP 0000000100240c0c
  920. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000755155e2 5 bytes JMP 0000000100240e10
  921. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007551567c 5 bytes JMP 00000001002401f8
  922. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007551589f 5 bytes JMP 00000001002403fc
  923. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075515a22 5 bytes JMP 0000000100240600
  924. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074371a22 2 bytes [37, 74]
  925. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074371ad0 2 bytes [37, 74]
  926. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074371b08 2 bytes [37, 74]
  927. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074371bba 2 bytes [37, 74]
  928. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074371bda 2 bytes [37, 74]
  929. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074df1465 2 bytes [DF, 74]
  930. .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074df14bb 2 bytes [DF, 74]
  931. .text ... * 2
  932. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010051075c
  933. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001005103a4
  934. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000100070460
  935. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000100070450
  936. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100510b14
  937. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100510ecc
  938. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000100070370
  939. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000100070470
  940. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010051163c
  941. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000100070320
  942. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000001000703b0
  943. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000100070390
  944. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000001000702e0
  945. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000001000702d0
  946. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000100070310
  947. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000001000703c0
  948. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100511284
  949. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000001000703f0
  950. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000100070230
  951. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000100070480
  952. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000001000703a0
  953. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000001000702f0
  954. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000100070350
  955. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000100070290
  956. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000001000702b0
  957. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000001000703d0
  958. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000100070330
  959. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000100070410
  960. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000100070240
  961. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000001000701e0
  962. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000100070250
  963. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000100070490
  964. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000001000704a0
  965. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000100070300
  966. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000100070360
  967. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000001000702a0
  968. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000001000702c0
  969. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000100070380
  970. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000100070340
  971. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000100070440
  972. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000100070260
  973. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000100070270
  974. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001005119f4
  975. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000001000701f0
  976. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000100070210
  977. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000100070200
  978. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000100070420
  979. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000100070430
  980. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000100070220
  981. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000100070280
  982. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  983. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  984. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  985. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  986. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  987. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  988. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  989. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  990. .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  991. .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  992. .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  993. .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  994. .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  995. .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  996. .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  997. .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  998. .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  999. .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1000. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001001a075c
  1001. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001a03a4
  1002. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  1003. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  1004. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001001a0b14
  1005. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001001a0ecc
  1006. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  1007. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  1008. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001001a163c
  1009. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  1010. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  1011. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  1012. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  1013. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  1014. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  1015. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  1016. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001001a1284
  1017. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  1018. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  1019. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  1020. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  1021. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  1022. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  1023. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  1024. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  1025. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  1026. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  1027. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  1028. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  1029. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  1030. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  1031. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  1032. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  1033. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  1034. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  1035. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  1036. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  1037. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  1038. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  1039. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  1040. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  1041. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  1042. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001a19f4
  1043. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  1044. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  1045. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  1046. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  1047. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  1048. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  1049. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  1050. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  1051. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1052. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1053. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1054. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1055. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1056. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1057. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1058. .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1059. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
  1060. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
  1061. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
  1062. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
  1063. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
  1064. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
  1065. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
  1066. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  1067. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075515181 5 bytes JMP 00000001000a1014
  1068. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075515254 5 bytes JMP 00000001000a0804
  1069. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000755153d5 5 bytes JMP 00000001000a0a08
  1070. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000755154c2 5 bytes JMP 00000001000a0c0c
  1071. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000755155e2 5 bytes JMP 00000001000a0e10
  1072. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007551567c 5 bytes JMP 00000001000a01f8
  1073. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007551589f 5 bytes JMP 00000001000a03fc
  1074. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075515a22 5 bytes JMP 00000001000a0600
  1075. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076aaee09 5 bytes JMP 00000001000b01f8
  1076. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ab3982 5 bytes JMP 00000001000b03fc
  1077. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ab7603 5 bytes JMP 00000001000b0804
  1078. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ab835c 5 bytes JMP 00000001000b0600
  1079. .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2560] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076acf52b 5 bytes JMP 00000001000b0a08
  1080. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100100600
  1081. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100100804
  1082. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100100c0c
  1083. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100100a08
  1084. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100100e10
  1085. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001001001f8
  1086. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001001003fc
  1087. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  1088. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076aaee09 5 bytes JMP 00000001001101f8
  1089. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ab3982 5 bytes JMP 00000001001103fc
  1090. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ab7603 5 bytes JMP 0000000100110804
  1091. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ab835c 5 bytes JMP 0000000100110600
  1092. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076acf52b 5 bytes JMP 0000000100110a08
  1093. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075515181 5 bytes JMP 0000000100171014
  1094. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075515254 5 bytes JMP 0000000100170804
  1095. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000755153d5 5 bytes JMP 0000000100170a08
  1096. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000755154c2 5 bytes JMP 0000000100170c0c
  1097. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000755155e2 5 bytes JMP 0000000100170e10
  1098. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007551567c 5 bytes JMP 00000001001701f8
  1099. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007551589f 5 bytes JMP 00000001001703fc
  1100. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075515a22 5 bytes JMP 0000000100170600
  1101. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 000000006f7a13c6 2 bytes [7A, 6F]
  1102. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 000000006f7a13f6 2 bytes [7A, 6F]
  1103. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 000000006f7a14ad 2 bytes [7A, 6F]
  1104. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 000000006f7a14db 2 bytes [7A, 6F]
  1105. .text ... * 2
  1106. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 000000006f7a1577 2 bytes [7A, 6F]
  1107. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 000000006f7a15d7 2 bytes [7A, 6F]
  1108. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 000000006f7a1794 2 bytes [7A, 6F]
  1109. .text C:\Windows\SysWOW64\vmnat.exe[2616] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 000000006f7a18c1 2 bytes [7A, 6F]
  1110. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010013075c
  1111. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001303a4
  1112. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  1113. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  1114. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100130b14
  1115. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100130ecc
  1116. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  1117. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  1118. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010013163c
  1119. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  1120. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  1121. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  1122. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  1123. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  1124. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  1125. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  1126. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100131284
  1127. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  1128. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  1129. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  1130. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  1131. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  1132. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  1133. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  1134. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  1135. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  1136. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  1137. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  1138. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  1139. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  1140. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  1141. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  1142. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  1143. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  1144. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  1145. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  1146. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  1147. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  1148. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  1149. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  1150. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  1151. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  1152. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001319f4
  1153. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  1154. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  1155. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  1156. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  1157. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  1158. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  1159. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  1160. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  1161. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1162. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1163. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1164. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1165. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1166. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1167. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1168. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2856] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1169. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
  1170. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
  1171. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
  1172. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
  1173. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
  1174. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
  1175. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
  1176. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  1177. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075515181 5 bytes JMP 00000001000d1014
  1178. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075515254 5 bytes JMP 00000001000d0804
  1179. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000755153d5 5 bytes JMP 00000001000d0a08
  1180. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000755154c2 5 bytes JMP 00000001000d0c0c
  1181. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000755155e2 5 bytes JMP 00000001000d0e10
  1182. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007551567c 5 bytes JMP 00000001000d01f8
  1183. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007551589f 5 bytes JMP 00000001000d03fc
  1184. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075515a22 5 bytes JMP 00000001000d0600
  1185. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074df1465 2 bytes [DF, 74]
  1186. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074df14bb 2 bytes [DF, 74]
  1187. .text ... * 2
  1188. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076aaee09 5 bytes JMP 00000001000e01f8
  1189. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ab3982 5 bytes JMP 00000001000e03fc
  1190. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ab7603 5 bytes JMP 00000001000e0804
  1191. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ab835c 5 bytes JMP 00000001000e0600
  1192. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[2952] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076acf52b 5 bytes JMP 00000001000e0a08
  1193. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010046075c
  1194. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001004603a4
  1195. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000100070460
  1196. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000100070450
  1197. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100460b14
  1198. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100460ecc
  1199. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000100070370
  1200. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000100070470
  1201. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010046163c
  1202. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000100070320
  1203. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000001000703b0
  1204. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000100070390
  1205. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000001000702e0
  1206. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000001000702d0
  1207. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000100070310
  1208. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000001000703c0
  1209. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100461284
  1210. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000001000703f0
  1211. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000100070230
  1212. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000100070480
  1213. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000001000703a0
  1214. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000001000702f0
  1215. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000100070350
  1216. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000100070290
  1217. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000001000702b0
  1218. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000001000703d0
  1219. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000100070330
  1220. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000100070410
  1221. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000100070240
  1222. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000001000701e0
  1223. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000100070250
  1224. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000100070490
  1225. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000001000704a0
  1226. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000100070300
  1227. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000100070360
  1228. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000001000702a0
  1229. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000001000702c0
  1230. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000100070380
  1231. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000100070340
  1232. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000100070440
  1233. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000100070260
  1234. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000100070270
  1235. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001004619f4
  1236. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000001000701f0
  1237. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000100070210
  1238. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000100070200
  1239. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000100070420
  1240. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000100070430
  1241. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000100070220
  1242. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000100070280
  1243. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  1244. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1245. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1246. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1247. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1248. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1249. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1250. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1251. .text C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1252. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2088] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1253. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1254. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1255. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1256. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1257. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2088] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1258. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2088] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1259. .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2088] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1260. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100100600
  1261. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100100804
  1262. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100100c0c
  1263. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100100a08
  1264. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100100e10
  1265. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001001001f8
  1266. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001001003fc
  1267. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  1268. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076aaee09 5 bytes JMP 00000001001601f8
  1269. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ab3982 5 bytes JMP 00000001001603fc
  1270. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ab7603 5 bytes JMP 0000000100160804
  1271. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ab835c 5 bytes JMP 0000000100160600
  1272. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076acf52b 5 bytes JMP 0000000100160a08
  1273. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075515181 5 bytes JMP 0000000100171014
  1274. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075515254 5 bytes JMP 0000000100170804
  1275. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000755153d5 5 bytes JMP 0000000100170a08
  1276. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000755154c2 5 bytes JMP 0000000100170c0c
  1277. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000755155e2 5 bytes JMP 0000000100170e10
  1278. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007551567c 5 bytes JMP 00000001001701f8
  1279. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007551589f 5 bytes JMP 00000001001703fc
  1280. .text C:\Windows\SysWOW64\vmnetdhcp.exe[1564] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075515a22 5 bytes JMP 0000000100170600
  1281. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001003d075c
  1282. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003d03a4
  1283. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  1284. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  1285. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001003d0b14
  1286. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001003d0ecc
  1287. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  1288. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  1289. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001003d163c
  1290. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  1291. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  1292. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  1293. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  1294. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  1295. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  1296. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  1297. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001003d1284
  1298. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  1299. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  1300. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  1301. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  1302. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  1303. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  1304. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  1305. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  1306. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  1307. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  1308. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  1309. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  1310. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  1311. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  1312. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  1313. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  1314. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  1315. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  1316. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  1317. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  1318. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  1319. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  1320. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  1321. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  1322. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  1323. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003d19f4
  1324. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  1325. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  1326. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  1327. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  1328. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  1329. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  1330. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  1331. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  1332. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1333. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1334. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1335. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1336. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1337. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1338. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1339. .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2708] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1340. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
  1341. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
  1342. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
  1343. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
  1344. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
  1345. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
  1346. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
  1347. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  1348. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076aaee09 5 bytes JMP 00000001001201f8
  1349. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ab3982 5 bytes JMP 00000001001203fc
  1350. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ab7603 5 bytes JMP 0000000100120804
  1351. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ab835c 5 bytes JMP 0000000100120600
  1352. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076acf52b 5 bytes JMP 0000000100120a08
  1353. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075515181 5 bytes JMP 0000000100131014
  1354. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075515254 5 bytes JMP 0000000100130804
  1355. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000755153d5 5 bytes JMP 0000000100130a08
  1356. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000755154c2 5 bytes JMP 0000000100130c0c
  1357. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000755155e2 5 bytes JMP 0000000100130e10
  1358. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007551567c 5 bytes JMP 00000001001301f8
  1359. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007551589f 5 bytes JMP 00000001001303fc
  1360. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075515a22 5 bytes JMP 0000000100130600
  1361. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074df1465 2 bytes [DF, 74]
  1362. .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074df14bb 2 bytes [DF, 74]
  1363. .text ... * 2
  1364. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001002f075c
  1365. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001002f03a4
  1366. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  1367. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  1368. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001002f0b14
  1369. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001002f0ecc
  1370. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  1371. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  1372. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001002f163c
  1373. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  1374. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  1375. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  1376. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  1377. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  1378. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  1379. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  1380. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001002f1284
  1381. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  1382. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  1383. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  1384. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  1385. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  1386. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  1387. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  1388. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  1389. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  1390. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  1391. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  1392. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  1393. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  1394. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  1395. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  1396. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  1397. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  1398. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  1399. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  1400. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  1401. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  1402. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  1403. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  1404. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  1405. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  1406. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001002f19f4
  1407. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  1408. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  1409. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  1410. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  1411. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  1412. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  1413. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  1414. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  1415. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1416. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1417. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1418. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1419. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1420. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1421. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1422. .text C:\Windows\system32\SearchIndexer.exe[3376] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1423. .text C:\Windows\System32\alg.exe[3540] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1424. .text C:\Windows\System32\alg.exe[3540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1425. .text C:\Windows\System32\alg.exe[3540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1426. .text C:\Windows\System32\alg.exe[3540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1427. .text C:\Windows\System32\alg.exe[3540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1428. .text C:\Windows\System32\alg.exe[3540] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1429. .text C:\Windows\System32\alg.exe[3540] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1430. .text C:\Windows\System32\alg.exe[3540] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1431. .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1432. .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1433. .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1434. .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1435. .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1436. .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1437. .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1438. .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1439. .text C:\Windows\system32\svchost.exe[3600] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1440. .text C:\Windows\system32\svchost.exe[3600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1441. .text C:\Windows\system32\svchost.exe[3600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1442. .text C:\Windows\system32\svchost.exe[3600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1443. .text C:\Windows\system32\svchost.exe[3600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1444. .text C:\Windows\system32\svchost.exe[3600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1445. .text C:\Windows\system32\svchost.exe[3600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1446. .text C:\Windows\system32\svchost.exe[3600] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1447. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001002b075c
  1448. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001002b03a4
  1449. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  1450. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  1451. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001002b0b14
  1452. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001002b0ecc
  1453. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  1454. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  1455. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001002b163c
  1456. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  1457. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  1458. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  1459. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  1460. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  1461. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  1462. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  1463. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001002b1284
  1464. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  1465. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  1466. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  1467. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  1468. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  1469. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  1470. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  1471. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  1472. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  1473. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  1474. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  1475. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  1476. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  1477. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  1478. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  1479. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  1480. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  1481. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  1482. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  1483. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  1484. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  1485. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  1486. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  1487. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  1488. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  1489. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001002b19f4
  1490. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  1491. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  1492. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  1493. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  1494. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  1495. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  1496. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  1497. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  1498. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1499. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1500. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1501. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1502. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1503. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1504. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1505. .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1506. .text C:\Program Files (x86)\Steam\Steam.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
  1507. .text C:\Program Files (x86)\Steam\Steam.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
  1508. .text C:\Program Files (x86)\Steam\Steam.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
  1509. .text C:\Program Files (x86)\Steam\Steam.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
  1510. .text C:\Program Files (x86)\Steam\Steam.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
  1511. .text C:\Program Files (x86)\Steam\Steam.exe[5072] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
  1512. .text C:\Program Files (x86)\Steam\Steam.exe[5072] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
  1513. .text C:\Program Files (x86)\Steam\Steam.exe[5072] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  1514. .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3812] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  1515. .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074df1465 2 bytes [DF, 74]
  1516. .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074df14bb 2 bytes [DF, 74]
  1517. .text ... * 2
  1518. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010017075c
  1519. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001703a4
  1520. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  1521. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  1522. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100170b14
  1523. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100170ecc
  1524. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  1525. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  1526. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010017163c
  1527. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  1528. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  1529. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  1530. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  1531. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  1532. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  1533. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  1534. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100171284
  1535. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  1536. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  1537. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  1538. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  1539. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  1540. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  1541. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  1542. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  1543. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  1544. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  1545. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  1546. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  1547. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  1548. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  1549. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  1550. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  1551. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  1552. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  1553. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  1554. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  1555. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  1556. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  1557. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  1558. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  1559. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  1560. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001719f4
  1561. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  1562. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  1563. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  1564. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  1565. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  1566. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  1567. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  1568. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1569. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1570. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1571. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1572. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1573. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1574. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1575. .text C:\Windows\System32\svchost.exe[4544] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1576. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010023075c
  1577. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001002303a4
  1578. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  1579. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  1580. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100230b14
  1581. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100230ecc
  1582. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  1583. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  1584. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010023163c
  1585. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  1586. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  1587. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  1588. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  1589. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  1590. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  1591. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  1592. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100231284
  1593. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  1594. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  1595. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  1596. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  1597. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  1598. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  1599. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  1600. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  1601. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  1602. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  1603. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  1604. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  1605. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  1606. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  1607. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  1608. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  1609. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  1610. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  1611. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  1612. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  1613. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  1614. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  1615. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  1616. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  1617. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  1618. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001002319f4
  1619. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  1620. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  1621. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  1622. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  1623. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  1624. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  1625. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  1626. .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5060] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  1627. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010025075c
  1628. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001002503a4
  1629. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ff1360 5 bytes JMP 0000000077150460
  1630. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ff13b0 5 bytes JMP 0000000077150450
  1631. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100250b14
  1632. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100250ecc
  1633. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ff1510 5 bytes JMP 0000000077150370
  1634. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ff1560 5 bytes JMP 0000000077150470
  1635. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010025163c
  1636. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ff1620 5 bytes JMP 0000000077150320
  1637. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ff1650 5 bytes JMP 00000000771503b0
  1638. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ff1670 5 bytes JMP 0000000077150390
  1639. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ff16b0 5 bytes JMP 00000000771502e0
  1640. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ff1730 5 bytes JMP 00000000771502d0
  1641. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ff1750 5 bytes JMP 0000000077150310
  1642. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ff1790 5 bytes JMP 00000000771503c0
  1643. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100251284
  1644. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ff17e0 5 bytes JMP 00000000771503f0
  1645. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ff1940 5 bytes JMP 0000000077150230
  1646. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff1b00 5 bytes JMP 0000000077150480
  1647. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ff1b30 5 bytes JMP 00000000771503a0
  1648. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ff1c10 5 bytes JMP 00000000771502f0
  1649. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ff1c20 5 bytes JMP 0000000077150350
  1650. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ff1c80 5 bytes JMP 0000000077150290
  1651. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ff1d10 5 bytes JMP 00000000771502b0
  1652. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ff1d30 5 bytes JMP 00000000771503d0
  1653. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ff1d40 5 bytes JMP 0000000077150330
  1654. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ff1db0 5 bytes JMP 0000000077150410
  1655. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ff1de0 5 bytes JMP 0000000077150240
  1656. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ff20a0 5 bytes JMP 00000000771501e0
  1657. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ff2160 5 bytes JMP 0000000077150250
  1658. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ff2190 5 bytes JMP 0000000077150490
  1659. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ff21a0 5 bytes JMP 00000000771504a0
  1660. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ff21d0 5 bytes JMP 0000000077150300
  1661. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ff21e0 5 bytes JMP 0000000077150360
  1662. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ff2240 5 bytes JMP 00000000771502a0
  1663. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ff2290 5 bytes JMP 00000000771502c0
  1664. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ff22c0 5 bytes JMP 0000000077150380
  1665. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ff22d0 5 bytes JMP 0000000077150340
  1666. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ff25c0 5 bytes JMP 0000000077150440
  1667. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ff27c0 5 bytes JMP 0000000077150260
  1668. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ff27d0 5 bytes JMP 0000000077150270
  1669. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001002519f4
  1670. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ff29a0 5 bytes JMP 00000000771501f0
  1671. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ff29b0 5 bytes JMP 0000000077150210
  1672. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ff2a20 5 bytes JMP 0000000077150200
  1673. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ff2a80 5 bytes JMP 0000000077150420
  1674. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ff2a90 5 bytes JMP 0000000077150430
  1675. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ff2aa0 5 bytes JMP 0000000077150220
  1676. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ff2b80 5 bytes JMP 0000000077150280
  1677. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  1678. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1679. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1680. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1681. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1682. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1683. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1684. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1685. .text C:\Program Files\iPod\bin\iPodService.exe[2876] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1686. .text C:\Windows\system32\DllHost.exe[5144] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1687. .text C:\Windows\system32\DllHost.exe[5144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1688. .text C:\Windows\system32\DllHost.exe[5144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1689. .text C:\Windows\system32\DllHost.exe[5144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1690. .text C:\Windows\system32\DllHost.exe[5144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1691. .text C:\Windows\system32\DllHost.exe[5144] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1692. .text C:\Windows\system32\DllHost.exe[5144] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1693. .text C:\Windows\system32\DllHost.exe[5144] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1694. .text C:\Windows\system32\svchost.exe[5212] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1695. .text C:\Windows\system32\svchost.exe[5212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1696. .text C:\Windows\system32\svchost.exe[5212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1697. .text C:\Windows\system32\svchost.exe[5212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1698. .text C:\Windows\system32\svchost.exe[5212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1699. .text C:\Windows\system32\svchost.exe[5212] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1700. .text C:\Windows\system32\svchost.exe[5212] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1701. .text C:\Windows\system32\svchost.exe[5212] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1702. .text C:\Program Files (x86)\iTunes\iTunes.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
  1703. .text C:\Program Files (x86)\iTunes\iTunes.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
  1704. .text C:\Program Files (x86)\iTunes\iTunes.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
  1705. .text C:\Program Files (x86)\iTunes\iTunes.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
  1706. .text C:\Program Files (x86)\iTunes\iTunes.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
  1707. .text C:\Program Files (x86)\iTunes\iTunes.exe[5444] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
  1708. .text C:\Program Files (x86)\iTunes\iTunes.exe[5444] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
  1709. .text C:\Program Files (x86)\iTunes\iTunes.exe[5444] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  1710. .text C:\Windows\system32\vssvc.exe[7900] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076ddeecd 1 byte [62]
  1711. .text C:\Windows\system32\vssvc.exe[7900] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1712. .text C:\Windows\system32\vssvc.exe[7900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1713. .text C:\Windows\system32\vssvc.exe[7900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1714. .text C:\Windows\system32\vssvc.exe[7900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1715. .text C:\Windows\system32\vssvc.exe[7900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1716. .text C:\Windows\system32\vssvc.exe[7900] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1717. .text C:\Windows\system32\vssvc.exe[7900] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1718. .text C:\Windows\system32\vssvc.exe[7900] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1719. .text C:\Windows\System32\svchost.exe[4440] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1720. .text C:\Windows\System32\svchost.exe[4440] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1721. .text C:\Windows\System32\svchost.exe[4440] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1722. .text C:\Windows\System32\svchost.exe[4440] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1723. .text C:\Windows\System32\svchost.exe[4440] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1724. .text C:\Windows\System32\svchost.exe[4440] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1725. .text C:\Windows\System32\svchost.exe[4440] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1726. .text C:\Windows\System32\svchost.exe[4440] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1727. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001001b075c
  1728. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001b03a4
  1729. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001001b0b14
  1730. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001001b0ecc
  1731. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001001b163c
  1732. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001001b1284
  1733. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001b19f4
  1734. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1b6e00 5 bytes JMP 000007ff7d1d1dac
  1735. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1b6f2c 5 bytes JMP 000007ff7d1d0ecc
  1736. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1b7220 5 bytes JMP 000007ff7d1d1284
  1737. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1b739c 5 bytes JMP 000007ff7d1d163c
  1738. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1b7538 5 bytes JMP 000007ff7d1d19f4
  1739. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1b75e8 5 bytes JMP 000007ff7d1d03a4
  1740. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1b790c 5 bytes JMP 000007ff7d1d075c
  1741. .text C:\Windows\system32\taskeng.exe[6920] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1b7ab4 5 bytes JMP 000007ff7d1d0b14
  1742. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
  1743. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
  1744. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
  1745. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
  1746. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
  1747. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
  1748. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
  1749. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000755fa30a 1 byte [62]
  1750. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075515181 5 bytes JMP 0000000100241014
  1751. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075515254 5 bytes JMP 0000000100240804
  1752. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000755153d5 5 bytes JMP 0000000100240a08
  1753. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000755154c2 5 bytes JMP 0000000100240c0c
  1754. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000755155e2 5 bytes JMP 0000000100240e10
  1755. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007551567c 5 bytes JMP 00000001002401f8
  1756. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007551589f 5 bytes JMP 00000001002403fc
  1757. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075515a22 5 bytes JMP 0000000100240600
  1758. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076aaee09 5 bytes JMP 00000001002501f8
  1759. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ab3982 5 bytes JMP 00000001002503fc
  1760. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ab7603 5 bytes JMP 0000000100250804
  1761. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ab835c 5 bytes JMP 0000000100250600
  1762. .text C:\Users\Chris\Downloads\lcxouxr3.exe[7612] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076acf52b 5 bytes JMP 0000000100250a08
  1763.  
  1764. ---- Kernel IAT/EAT - GMER 2.1 ----
  1765.  
  1766. IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010b7f1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
  1767. IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010b7cc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
  1768. IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010b869c] \SystemRoot\System32\Drivers\sptd.sys [.text]
  1769. IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010b8a98] \SystemRoot\System32\Drivers\sptd.sys [.text]
  1770. IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010b88f4] \SystemRoot\System32\Drivers\sptd.sys [.text]
  1771.  
  1772. ---- Devices - GMER 2.1 ----
  1773.  
  1774. Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa800702a2c0
  1775. Device \Driver\atapi \Device\Ide\IdePort4 fffffa800702a2c0
  1776. Device \Driver\atapi \Device\Ide\IdePort0 fffffa800702a2c0
  1777. Device \Driver\atapi \Device\Ide\IdePort5 fffffa800702a2c0
  1778. Device \Driver\atapi \Device\Ide\IdePort1 fffffa800702a2c0
  1779. Device \Driver\atapi \Device\Ide\IdePort2 fffffa800702a2c0
  1780. Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa800702a2c0
  1781. Device \Driver\atapi \Device\Ide\IdePort3 fffffa800702a2c0
  1782. Device \Driver\afk0cy62 \Device\Scsi\afk0cy621 fffffa80082b22c0
  1783. Device \Driver\afk0cy62 \Device\Scsi\afk0cy621Port6Path0Target0Lun0 fffffa80082b22c0
  1784. Device \FileSystem\Ntfs \Ntfs fffffa80070302c0
  1785. Device \Driver\NetBT \Device\NetBT_Tcpip_{F1C51DBC-D0CC-4E42-9454-2AF2BC5802C8} fffffa80080982c0
  1786. Device \Driver\usbehci \Device\USBPDO-1 fffffa800818b2c0
  1787. Device \Driver\cdrom \Device\CdRom0 fffffa8007f952c0
  1788. Device \Driver\NetBT \Device\NetBT_Tcpip_{18EC1B8A-0395-49EA-9BC4-65252B9344A7} fffffa80080982c0
  1789. Device \Driver\cdrom \Device\CdRom1 fffffa8007f952c0
  1790. Device \Driver\usbehci \Device\USBFDO-0 fffffa800818b2c0
  1791. Device \Driver\NetBT \Device\NetBT_Tcpip_{315CA033-B662-4320-9052-2A2F51D679C9} fffffa80080982c0
  1792. Device \Driver\usbehci \Device\USBFDO-1 fffffa800818b2c0
  1793. Device \Driver\NetBT \Device\NetBT_Tcpip_{70FCE05E-CDAD-4655-B88C-53777CF81E00} fffffa80080982c0
  1794. Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80080982c0
  1795. Device \Driver\NetBT \Device\NetBT_Tcpip_{3A5543DA-ACBE-47F9-9FFE-00D72B1F571F} fffffa80080982c0
  1796. Device \Driver\atapi \Device\ScsiPort0 fffffa800702a2c0
  1797. Device \Driver\usbehci \Device\USBPDO-0 fffffa800818b2c0
  1798. Device \Driver\atapi \Device\ScsiPort1 fffffa800702a2c0
  1799. Device \Driver\atapi \Device\ScsiPort2 fffffa800702a2c0
  1800. Device \Driver\atapi \Device\ScsiPort3 fffffa800702a2c0
  1801. Device \Driver\atapi \Device\ScsiPort4 fffffa800702a2c0
  1802. Device \Driver\atapi \Device\ScsiPort5 fffffa800702a2c0
  1803. Device \Driver\afk0cy62 \Device\ScsiPort6 fffffa80082b22c0
  1804.  
  1805. ---- Modules - GMER 2.1 ----
  1806.  
  1807. Module \SystemRoot\System32\Drivers\afk0cy62.SYS fffff88001b9a000-fffff88001beb000 (331776 bytes)
  1808.  
  1809. ---- Threads - GMER 2.1 ----
  1810.  
  1811. Thread C:\Windows\System32\svchost.exe [3568:5136] 000007fef9fd9688
  1812. Thread C:\Windows\Explorer.EXE [3932:4152] 000007fefd33c608
  1813. Thread C:\Windows\Explorer.EXE [3932:4224] 000007fefd33c608
  1814. Thread C:\Windows\Explorer.EXE [3932:4276] 000007fef1402154
  1815. Thread C:\Windows\Explorer.EXE [3932:4880] 000007fefd33c608
  1816. Thread C:\Windows\Explorer.EXE [3932:4908] 000007fefd33c608
  1817. Thread C:\Windows\Explorer.EXE [3932:4916] 000007fefd33c608
  1818. Thread C:\Windows\Explorer.EXE [3932:4920] 000007fefec60168
  1819. Thread C:\Windows\Explorer.EXE [3932:4928] 000007fefd33c608
  1820. Thread C:\Windows\Explorer.EXE [3932:4952] 000007fefaab1010
  1821. Thread C:\Windows\Explorer.EXE [3932:4956] 000007fefd33c608
  1822. Thread C:\Windows\Explorer.EXE [3932:4964] 000007fefb346204
  1823. Thread C:\Windows\Explorer.EXE [3932:5040] 000007fefd33c608
  1824. Thread C:\Windows\Explorer.EXE [3932:5044] 000007fefd33c608
  1825. Thread C:\Windows\Explorer.EXE [3932:1280] 000007feec292118
  1826. Thread C:\Windows\Explorer.EXE [3932:6220] 000007fefec60168
  1827. Thread C:\Windows\Explorer.EXE [3932:7128] 000007fefd33c608
  1828. Thread C:\Windows\Explorer.EXE [3932:8052] 000007fefec60168
  1829. Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1396:6824] 000007feeecd4094
  1830. Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1396:6880] 000007feeecd4094
  1831. Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1396:6932] 000007fed25ec680
  1832. Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3360:7028] 000007feeecd4094
  1833. Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3360:7032] 000007fed292838c
  1834. Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3360:7036] 000007feeecd4094
  1835. Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3360:7040] 000007fed25ec680
  1836. Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3360:7044] 000007feeecd4094
  1837. Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5060:4780] 000007fefec60168
  1838. Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5060:2820] 000007fefafc2a7c
  1839. Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5060:4884] 000007fee593d618
  1840. Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5060:3856] 000007fef4cb5124
  1841. Thread C:\Windows\system32\svchost.exe [5212:4372] 000007fef96ee8c4
  1842. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:5892] 000007fee8efeb4c
  1843. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:4156] 000007fee8efd724
  1844. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:2184] 000007fee8ecb7ec
  1845. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:5772] 000007fee8ef19d4
  1846. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:4608] 000007fee8efeb4c
  1847. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:2112] 000007fee8efeb4c
  1848. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:5172] 000007fed49f5d28
  1849. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:6104] 000007fee8efeb4c
  1850. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:5960] 000007fee8efeb4c
  1851. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:6236] 000007fefec60168
  1852. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:6260] 000007fed3b91b5c
  1853. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:6360] 000007fee8efeb4c
  1854. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:7016] 000007fee8efeb4c
  1855. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:7164] 000007fed6edf6dc
  1856. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:7076] 000007fefaab1010
  1857. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:6544] 000007fee9117674
  1858. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:6780] 000007feff02c648
  1859. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:6716] 000007fee8efeb4c
  1860. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:2488] 000007fefec60168
  1861. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:6452] 000007fee8efeb4c
  1862. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:8124] 000007fee8efeb4c
  1863. Thread C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE [5400:6744] 000007fee8efeb4c
  1864.  
  1865. ---- Registry - GMER 2.1 ----
  1866.  
  1867. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
  1868. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
  1869. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
  1870. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
  1871. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
  1872. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
  1873. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
  1874. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
  1875. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
  1876. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
  1877. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
  1878. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
  1879. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
  1880. Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
  1881. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
  1882. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
  1883. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
  1884. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
  1885. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
  1886. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
  1887. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
  1888. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
  1889. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
  1890. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
  1891. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
  1892. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
  1893. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
  1894. Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
  1895. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
  1896. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
  1897. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
  1898. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
  1899. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
  1900. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
  1901. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
  1902. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
  1903. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
  1904. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
  1905. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
  1906. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
  1907. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
  1908. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
  1909. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
  1910. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
  1911. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
  1912. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
  1913. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 90
  1914. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 2864999
  1915. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
  1916. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
  1917. Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
  1918. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
  1919. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
  1920. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
  1921. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
  1922. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
  1923. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
  1924. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
  1925. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
  1926. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
  1927. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
  1928. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
  1929. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
  1930. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
  1931. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
  1932. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
  1933. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
  1934. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
  1935. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
  1936. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
  1937. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
  1938. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
  1939. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
  1940. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
  1941. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
  1942. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
  1943. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
  1944. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
  1945. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
  1946. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
  1947. Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
  1948. Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
  1949. Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
  1950. Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
  1951. Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
  1952. Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
  1953. Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
  1954. Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
  1955. Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9
  1956. Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
  1957. Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
  1958. Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
  1959. Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
  1960. Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
  1961. Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
  1962. Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
  1963. Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
  1964. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
  1965. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
  1966. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
  1967. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
  1968. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
  1969. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
  1970. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
  1971. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
  1972. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
  1973. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
  1974. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
  1975. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
  1976. Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
  1977. Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
  1978. Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
  1979. Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x17 0x69 0x09 0x31 ...
  1980. Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
  1981. Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
  1982. Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x5B 0x2B 0xB6 ...
  1983. Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
  1984. Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
  1985. Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2E 0xF1 0x13 0x24 ...
  1986. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
  1987. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
  1988. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
  1989. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
  1990. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
  1991. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
  1992. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
  1993. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
  1994. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
  1995. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
  1996. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
  1997. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
  1998. Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
  1999. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
  2000. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
  2001. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
  2002. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
  2003. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
  2004. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
  2005. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
  2006. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
  2007. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
  2008. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
  2009. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
  2010. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
  2011. Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
  2012. Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
  2013. Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
  2014. Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
  2015. Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
  2016. Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
  2017. Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
  2018. Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
  2019. Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
  2020. Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
  2021. Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
  2022. Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
  2023. Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
  2024. Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
  2025. Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
  2026. Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
  2027. Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
  2028. Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
  2029. Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 90
  2030. Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 2864999
  2031. Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
  2032. Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
  2033. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
  2034. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
  2035. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
  2036. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
  2037. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
  2038. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
  2039. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
  2040. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
  2041. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
  2042. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
  2043. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
  2044. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
  2045. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
  2046. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
  2047. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
  2048. Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
  2049. Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
  2050. Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
  2051. Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
  2052. Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
  2053. Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
  2054. Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
  2055. Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
  2056. Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
  2057. Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
  2058. Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
  2059. Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
  2060. Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
  2061. Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
  2062. Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
  2063. Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
  2064. Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
  2065. Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
  2066. Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
  2067. Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
  2068. Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9
  2069. Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
  2070. Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
  2071. Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
  2072. Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
  2073. Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
  2074. Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
  2075. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
  2076. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
  2077. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
  2078. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
  2079. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
  2080. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
  2081. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
  2082. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
  2083. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
  2084. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
  2085. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
  2086. Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
  2087. Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
  2088. Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
  2089. Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0xA0 0x50 0x94 ...
  2090. Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
  2091. Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
  2092. Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x5B 0x2B 0xB6 ...
  2093. Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
  2094. Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
  2095. Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0x03 0x4D 0xD0 ...
  2096.  
  2097. ---- EOF - GMER 2.1 ----