GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-10 19:59:29 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB Running: njmkh7rf.exe; Driver: C:\Users\win7\AppData\Local\Temp\aftcyaod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000149830460 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000149830450 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000149830370 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000149830470 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000001498303e0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000149830320 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000001498303b0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000149830390 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000001498302e0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000001498302d0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000149830310 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000001498303c0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000001498303f0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000149830230 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000149830480 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000001498303a0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000001498302f0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000149830350 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000149830290 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000001498302b0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000001498303d0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000149830330 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000149830410 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000149830240 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000001498301e0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000149830250 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000149830490 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000001498304a0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000149830300 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000149830360 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000001498302a0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000001498302c0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000149830380 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000149830340 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000149830440 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000149830260 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000149830270 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000149830400 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000001498301f0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000149830210 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000149830200 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000149830420 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000149830430 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000149830220 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000149830280 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\wininit.exe[560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000149830460 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000149830450 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000149830370 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000149830470 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000001498303e0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000149830320 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000001498303b0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000149830390 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000001498302e0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000001498302d0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000149830310 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000001498303c0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000001498303f0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000149830230 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000149830480 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000001498303a0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000001498302f0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000149830350 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000149830290 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000001498302b0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000001498303d0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000149830330 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000149830410 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000149830240 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000001498301e0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000149830250 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000149830490 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000001498304a0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000149830300 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000149830360 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000001498302a0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000001498302c0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000149830380 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000149830340 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000149830440 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000149830260 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000149830270 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000149830400 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000001498301f0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000149830210 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000149830200 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000149830420 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000149830430 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000149830220 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000149830280 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\services.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\winlogon.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\lsass.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\System32\svchost.exe[348] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[1188] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WPM\wprotectmanager.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\System32\spoolsv.exe[1576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\taskeng.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[1612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ASGT.exe[2004] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe[2152] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe[2152] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\System32\svchost.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\wbem\wmiprvse.exe[2708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\conhost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[2920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\nvvsvc.exe[3316] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\taskhost.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\Dwm.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\Explorer.EXE[3668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\Explorer.EXE[3668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\AppData\Local\Akamai\netsession_win.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007769ff60 5 bytes JMP 0000000077800460 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007769ffb0 5 bytes JMP 0000000077800450 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776a0110 5 bytes JMP 0000000077800370 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776a0160 5 bytes JMP 0000000077800470 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776a0170 5 bytes JMP 00000000778003e0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776a0220 5 bytes JMP 0000000077800320 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776a0250 5 bytes JMP 00000000778003b0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776a0270 5 bytes JMP 0000000077800390 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776a02b0 5 bytes JMP 00000000778002e0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776a0330 5 bytes JMP 00000000778002d0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776a0350 5 bytes JMP 0000000077800310 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776a0390 5 bytes JMP 00000000778003c0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776a03e0 5 bytes JMP 00000000778003f0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776a0540 5 bytes JMP 0000000077800230 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776a0700 5 bytes JMP 0000000077800480 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776a0730 5 bytes JMP 00000000778003a0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776a0810 5 bytes JMP 00000000778002f0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776a0820 5 bytes JMP 0000000077800350 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776a0880 5 bytes JMP 0000000077800290 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776a0910 5 bytes JMP 00000000778002b0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776a0930 5 bytes JMP 00000000778003d0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776a0940 5 bytes JMP 0000000077800330 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776a09b0 5 bytes JMP 0000000077800410 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776a09e0 5 bytes JMP 0000000077800240 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776a0ca0 5 bytes JMP 00000000778001e0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776a0d60 5 bytes JMP 0000000077800250 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776a0d90 5 bytes JMP 0000000077800490 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776a0da0 5 bytes JMP 00000000778004a0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776a0dd0 5 bytes JMP 0000000077800300 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776a0de0 5 bytes JMP 0000000077800360 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776a0e40 5 bytes JMP 00000000778002a0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776a0e90 5 bytes JMP 00000000778002c0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776a0ec0 5 bytes JMP 0000000077800380 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776a0ed0 5 bytes JMP 0000000077800340 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776a11c0 5 bytes JMP 0000000077800440 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776a13c0 5 bytes JMP 0000000077800260 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776a13d0 5 bytes JMP 0000000077800270 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776a13e0 5 bytes JMP 0000000077800400 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776a15a0 5 bytes JMP 00000000778001f0 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776a15b0 5 bytes JMP 0000000077800210 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776a1620 5 bytes JMP 0000000077800200 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776a1680 5 bytes JMP 0000000077800420 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776a1690 5 bytes JMP 0000000077800430 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776a16a0 5 bytes JMP 0000000077800220 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776a1780 5 bytes JMP 0000000077800280 .text C:\Windows\system32\SearchIndexer.exe[3144] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Winamp\winampa.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4292] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\AUDIODG.EXE[4828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007748f1bd 1 byte [62] .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758bb0c5 1 byte [62] .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077022a62 5 bytes JMP 0000000174ec7440 .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759e1401 2 bytes JMP 758aeb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759e1419 2 bytes JMP 758bb513 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759e1431 2 bytes JMP 75938609 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759e144a 2 bytes CALL 75891dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759e14dd 2 bytes JMP 75937efe C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759e14f5 2 bytes JMP 759380d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759e150d 2 bytes JMP 75937df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759e1525 2 bytes JMP 759381c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759e153d 2 bytes JMP 758af088 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759e1555 2 bytes JMP 758bb885 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759e156d 2 bytes JMP 759386c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759e1585 2 bytes JMP 75938222 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759e159d 2 bytes JMP 75937db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759e15b5 2 bytes JMP 758af121 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759e15cd 2 bytes JMP 758bb29f C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759e16b2 2 bytes JMP 75938584 C:\Windows\syswow64\kernel32.dll .text C:\Users\win7\Downloads\njmkh7rf.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759e16bd 2 bytes JMP 75937d4d C:\Windows\syswow64\kernel32.dll ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4164:4272] 000007fefbaf2a74 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4164:4232] 000007fef97c5124 ---- Processes - GMER 2.1 ---- Process C:\Users\win7\AppData\Local\Akamai\netsession_win.exe (*** suspicious ***) @ C:\Users\win7\AppData\Local\Akamai\netsession_win.exe [3956] (Akamai NetSession Client/Akamai Technologies, Inc.)(2013-06-04 23:01:52) 0000000000400000 Process C:\Users\win7\AppData\Local\Akamai\netsession_win.exe (*** suspicious ***) @ C:\Users\win7\AppData\Local\Akamai\netsession_win.exe [1072] (Akamai NetSession Client/Akamai Technologies, Inc.)(2013-06-04 23:01:52) 0000000000400000 ---- EOF - GMER 2.1 ----