GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-02 17:09:47 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB Running: if3drckj.exe; Driver: C:\Users\Siema\AppData\Local\Temp\uxriapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 000000014a160470 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 000000014a160460 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 000000014a160370 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 000000014a160480 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 000000014a1603e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 000000014a160320 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 000000014a1603b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 000000014a160390 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 000000014a1602e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 000000014a160440 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 000000014a1602d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 000000014a160310 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 000000014a1603c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 000000014a1603f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 000000014a160230 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffffd260e890} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 000000014a160490 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 000000014a1603a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 000000014a1602f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 000000014a160350 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 000000014a160290 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 000000014a1602b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 000000014a1603d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 000000014a160330 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffffd260e590} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 000000014a160410 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 000000014a160240 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 000000014a1601e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 000000014a160250 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffffd260e090} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 000000014a1604a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 000000014a1604b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 000000014a160300 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 000000014a160360 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 000000014a1602a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 000000014a1602c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 000000014a160380 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 000000014a160340 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 000000014a160450 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 000000014a160260 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 000000014a160270 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 000000014a160400 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 000000014a1601f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 000000014a160210 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 000000014a160200 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 000000014a160420 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 000000014a160430 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 000000014a160220 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 000000014a160280 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\wininit.exe[632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 000000014a160470 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 000000014a160460 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 000000014a160370 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 000000014a160480 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 000000014a1603e0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 000000014a160320 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 000000014a1603b0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 000000014a160390 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 000000014a1602e0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 000000014a160440 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 000000014a1602d0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 000000014a160310 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 000000014a1603c0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 000000014a1603f0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 000000014a160230 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffffd260e890} .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 000000014a160490 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 000000014a1603a0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 000000014a1602f0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 000000014a160350 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 000000014a160290 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 000000014a1602b0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 000000014a1603d0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 000000014a160330 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffffd260e590} .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 000000014a160410 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 000000014a160240 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 000000014a1601e0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 000000014a160250 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffffd260e090} .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 000000014a1604a0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 000000014a1604b0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 000000014a160300 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 000000014a160360 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 000000014a1602a0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 000000014a1602c0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 000000014a160380 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 000000014a160340 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 000000014a160450 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 000000014a160260 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 000000014a160270 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 000000014a160400 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 000000014a1601f0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 000000014a160210 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 000000014a160200 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 000000014a160420 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 000000014a160430 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 000000014a160220 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 000000014a160280 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\services.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\winlogon.exe[732] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000100070460 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000100070480 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000100070440 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffff8851e890} .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000100070490 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffff8851e590} .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffff8851e090} .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 00000001000704b0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000100070450 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\System32\svchost.exe[544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\svchost.exe[480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\AUDIODG.EXE[1076] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000100070460 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000100070480 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000100070440 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffff8851e890} .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000100070490 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffff8851e590} .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffff8851e090} .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 00000001000704b0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000100070450 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\svchost.exe[1384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000100070460 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000100070480 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000100070440 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffff8851e890} .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000100070490 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffff8851e590} .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffff8851e090} .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 00000001000704b0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000100070450 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\WLANExt.exe[1492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffff8851e890} .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffff8851e590} .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffff8851e090} .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 00000001000704b0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000100070280 .text C:\Windows\System32\spoolsv.exe[1848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000100070460 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000100070480 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000100070440 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffff8851e890} .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000100070490 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffff8851e590} .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffff8851e090} .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 00000001000704b0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000100070450 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\taskeng.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\svchost.exe[1904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Windows\system32\taskhost.exe[1672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\taskeng.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffff8851e890} .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffff8851e590} .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffff8851e090} .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 00000001000704b0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000100070280 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000100070470 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000100070460 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000100070370 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000100070480 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000100070320 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000100070390 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000100070440 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000100070310 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000100070230 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffff8851e890} .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000100070490 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000100070350 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000100070290 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000100070330 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffff8851e590} .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000100070410 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000100070240 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000100070250 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffff8851e090} .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 00000001000704b0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000100070300 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000100070360 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000100070380 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000100070340 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000100070450 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000100070260 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000100070270 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000100070400 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000100070210 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000100070200 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000100070420 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000100070220 .text C:\Windows\system32\taskeng.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\Explorer.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\Explorer.EXE[2120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe[2208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files\P4G\BatteryLife.exe[2236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2312] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2320] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Windows\SysWOW64\ACEngSvr.exe[2356] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe[2392] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe[2412] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000100070480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 00000001000703b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000100070440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000100070310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000100070230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffff8851e890} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000100070490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 00000001000703a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 00000001000702f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000100070350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000100070290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 00000001000702b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 00000001000703d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000100070330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffff8851e590} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000100070410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000100070240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 00000001000701e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000100070250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffff8851e090} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 00000001000704a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 00000001000704b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000100070300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000100070360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 00000001000702a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 00000001000702c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000100070380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000100070340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000100070450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000100070260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000100070270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000100070400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 00000001000701f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000100070210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000100070200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000100070420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000100070430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000100070220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2444] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[2600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2736] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Windows\system32\svchost.exe[3056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2192] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2252] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2384] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3216] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cf1465 2 bytes [CF, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cf14bb 2 bytes [CF, 76] .text ... * 2 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\svchost.exe[3436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\System32\WerFault.exe[3664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000100070480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 00000001000703b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000100070440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000100070310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000100070230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffff8851e890} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000100070490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 00000001000703a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 00000001000702f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000100070350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000100070290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 00000001000702b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 00000001000703d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000100070330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffff8851e590} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000100070410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000100070240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 00000001000701e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000100070250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffff8851e090} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 00000001000704a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 00000001000704b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000100070300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000100070360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 00000001000702a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 00000001000702c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000100070380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000100070340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000100070450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000100070260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000100070270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000100070400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 00000001000701f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000100070210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000100070200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000100070420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000100070430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000100070220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3948] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Program Files\Windows Sidebar\sidebar.exe[3776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3912] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000100070440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0xffffffff8851e890} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000100070490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 00000001000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 00000001000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 00000001000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000100070330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0xffffffff8851e590} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000100070410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000100070240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 00000001000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000100070250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0xffffffff8851e090} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 00000001000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 00000001000704b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000100070300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000100070360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 00000001000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 00000001000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000100070380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000100070340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000100070260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000100070400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 00000001000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000100070210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000100070200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000100070420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000100070430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000100070220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4280] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Program Files\iPod\bin\iPodService.exe[4380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4340] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4376] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2932] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cf1465 2 bytes [CF, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cf14bb 2 bytes [CF, 76] .text ... * 2 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Windows\System32\svchost.exe[3308] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b513c0 5 bytes JMP 0000000077cb0470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b51410 5 bytes JMP 0000000077cb0460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b51570 5 bytes JMP 0000000077cb0370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b515c0 5 bytes JMP 0000000077cb0480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b515d0 5 bytes JMP 0000000077cb03e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b51680 5 bytes JMP 0000000077cb0320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b516b0 5 bytes JMP 0000000077cb03b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b516d0 5 bytes JMP 0000000077cb0390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b51710 5 bytes JMP 0000000077cb02e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b51760 5 bytes JMP 0000000077cb0440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b51790 5 bytes JMP 0000000077cb02d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b517b0 5 bytes JMP 0000000077cb0310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b517f0 5 bytes JMP 0000000077cb03c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b51840 5 bytes JMP 0000000077cb03f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b519a0 1 byte JMP 0000000077cb0230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000077b519a2 3 bytes {JMP 0x15e890} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b51b60 5 bytes JMP 0000000077cb0490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b51b90 5 bytes JMP 0000000077cb03a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b51c70 5 bytes JMP 0000000077cb02f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b51c80 5 bytes JMP 0000000077cb0350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b51ce0 5 bytes JMP 0000000077cb0290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b51d70 5 bytes JMP 0000000077cb02b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b51d90 5 bytes JMP 0000000077cb03d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b51da0 1 byte JMP 0000000077cb0330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077b51da2 3 bytes {JMP 0x15e590} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b51e10 5 bytes JMP 0000000077cb0410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b51e40 5 bytes JMP 0000000077cb0240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b52100 5 bytes JMP 0000000077cb01e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b521c0 1 byte JMP 0000000077cb0250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000077b521c2 3 bytes {JMP 0x15e090} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b521f0 5 bytes JMP 0000000077cb04a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b52200 5 bytes JMP 0000000077cb04b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b52230 5 bytes JMP 0000000077cb0300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b52240 5 bytes JMP 0000000077cb0360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b522a0 5 bytes JMP 0000000077cb02a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b522f0 5 bytes JMP 0000000077cb02c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b52320 5 bytes JMP 0000000077cb0380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b52330 5 bytes JMP 0000000077cb0340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b52620 5 bytes JMP 0000000077cb0450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b52820 5 bytes JMP 0000000077cb0260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b52830 5 bytes JMP 0000000077cb0270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b52840 5 bytes JMP 0000000077cb0400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b52a00 5 bytes JMP 0000000077cb01f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b52a10 5 bytes JMP 0000000077cb0210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b52a80 5 bytes JMP 0000000077cb0200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b52ae0 5 bytes JMP 0000000077cb0420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b52af0 5 bytes JMP 0000000077cb0430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b52b00 5 bytes JMP 0000000077cb0220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b52be0 5 bytes JMP 0000000077cb0280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3316] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007768eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] .text C:\Users\Siema\Downloads\if3drckj.exe[4676] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a30a 1 byte [62] ---- EOF - GMER 2.1 ----