GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-05-29 15:04:26 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD322HJ rev.1AC01108 298,09GB Running: m57g1hli.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88005349c34 12 bytes {MOV RAX, 0xfffffa8004f7a2a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000100120460 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000100120450 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000100120370 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000100120470 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000001001203e0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000100120320 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000001001203b0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000100120390 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000001001202e0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000001001202d0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000100120310 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000001001203c0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000001001203f0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000100120230 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000100120480 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000001001203a0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000001001202f0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000100120350 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000100120290 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000001001202b0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000001001203d0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000100120330 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000100120410 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000100120240 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000001001201e0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000100120250 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000100120490 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000001001204a0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000100120300 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000100120360 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000001001202a0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000001001202c0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000100120380 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000100120340 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000100120440 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000100120260 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000100120270 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000100120400 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000001001201f0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000100120210 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000100120200 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000100120420 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000100120430 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000100120220 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000100120280 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000100040460 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000100040370 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000100040470 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000100040320 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000100040390 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000100040310 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000100040230 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000100040480 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000100040350 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000100040290 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000100040330 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000100040250 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000100040490 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000100040200 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000100040420 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000100040430 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\wininit.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000100040280 .text C:\Windows\system32\wininit.exe[560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000100120460 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000100120450 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000100120370 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000100120470 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000001001203e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000100120320 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000001001203b0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000100120390 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000001001202e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000001001202d0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000100120310 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000001001203c0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000001001203f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000100120230 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000100120480 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000001001203a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000001001202f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000100120350 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000100120290 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000001001202b0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000001001203d0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000100120330 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000100120410 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000100120240 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000001001201e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000100120250 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000100120490 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000001001204a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000100120300 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000100120360 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000001001202a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000001001202c0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000100120380 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000100120340 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000100120440 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000100120260 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000100120270 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000100120400 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000001001201f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000100120210 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000100120200 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000100120420 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000100120430 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000100120220 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000100120280 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\winlogon.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\services.exe[672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\lsass.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\svchost.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\nvvsvc.exe[872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c8b0c5 1 byte [62] .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\System32\svchost.exe[264] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\System32\svchost.exe[264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[344] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\svchost.exe[1276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\svchost.exe[1392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000100070280 .text C:\Windows\System32\spoolsv.exe[1544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1652] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c8b0c5 1 byte [62] .text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[1688] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c8b0c5 1 byte [62] .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\System32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\SearchIndexer.exe[2584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\svchost.exe[2788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\LogonUI.exe[2304] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\nvvsvc.exe[2900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000100060460 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000100060370 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000100060470 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000100060320 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000100060390 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000100060310 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000100060230 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000100060480 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000100060350 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000100060290 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000100060330 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000100060250 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000100060490 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000100060200 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000100060420 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000100060430 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\taskhost.exe[2776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000100060280 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\Dwm.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\Explorer.EXE[3112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\Explorer.EXE[3112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Program Files (x86)\EXPERTool\TBPANEL.exe[3636] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c8b0c5 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Program Files\Windows Sidebar\sidebar.exe[3644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[3844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c8b0c5 1 byte [62] .text C:\Program Files (x86)\Winamp\winampa.exe[3860] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c8b0c5 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3940] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075c6d03c 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3940] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c8b0c5 1 byte [62] .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\System32\svchost.exe[3496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\wbem\wmiprvse.exe[3032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[332] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c8b0c5 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075651401 2 bytes JMP 75c7eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075651419 2 bytes JMP 75c8b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075651431 2 bytes JMP 75d08609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007565144a 2 bytes CALL 75c61dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756514dd 2 bytes JMP 75d07efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756514f5 2 bytes JMP 75d080d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007565150d 2 bytes JMP 75d07df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075651525 2 bytes JMP 75d081c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007565153d 2 bytes JMP 75c7f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075651555 2 bytes JMP 75c8b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007565156d 2 bytes JMP 75d086c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075651585 2 bytes JMP 75d08222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007565159d 2 bytes JMP 75d07db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756515b5 2 bytes JMP 75c7f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756515cd 2 bytes JMP 75c8b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756516b2 2 bytes JMP 75d08584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756516bd 2 bytes JMP 75d07d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\AUDIODG.EXE[5360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007782ff60 5 bytes JMP 0000000077990460 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007782ffb0 5 bytes JMP 0000000077990450 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077830110 5 bytes JMP 0000000077990370 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077830160 5 bytes JMP 0000000077990470 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077830170 5 bytes JMP 00000000779903e0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077830220 5 bytes JMP 0000000077990320 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077830250 5 bytes JMP 00000000779903b0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077830270 5 bytes JMP 0000000077990390 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778302b0 5 bytes JMP 00000000779902e0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077830330 5 bytes JMP 00000000779902d0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077830350 5 bytes JMP 0000000077990310 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077830390 5 bytes JMP 00000000779903c0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778303e0 5 bytes JMP 00000000779903f0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077830540 5 bytes JMP 0000000077990230 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077830700 5 bytes JMP 0000000077990480 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077830730 5 bytes JMP 00000000779903a0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077830810 5 bytes JMP 00000000779902f0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077830820 5 bytes JMP 0000000077990350 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077830880 5 bytes JMP 0000000077990290 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077830910 5 bytes JMP 00000000779902b0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077830930 5 bytes JMP 00000000779903d0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077830940 5 bytes JMP 0000000077990330 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778309b0 5 bytes JMP 0000000077990410 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778309e0 5 bytes JMP 0000000077990240 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077830ca0 5 bytes JMP 00000000779901e0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077830d60 5 bytes JMP 0000000077990250 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077830d90 5 bytes JMP 0000000077990490 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077830da0 5 bytes JMP 00000000779904a0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077830dd0 5 bytes JMP 0000000077990300 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077830de0 5 bytes JMP 0000000077990360 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077830e40 5 bytes JMP 00000000779902a0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077830e90 5 bytes JMP 00000000779902c0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077830ec0 5 bytes JMP 0000000077990380 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077830ed0 5 bytes JMP 0000000077990340 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778311c0 5 bytes JMP 0000000077990440 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778313c0 5 bytes JMP 0000000077990260 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778313d0 5 bytes JMP 0000000077990270 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778313e0 5 bytes JMP 0000000077990400 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778315a0 5 bytes JMP 00000000779901f0 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778315b0 5 bytes JMP 0000000077990210 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077831620 5 bytes JMP 0000000077990200 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077831680 5 bytes JMP 0000000077990420 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077831690 5 bytes JMP 0000000077990430 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778316a0 5 bytes JMP 0000000077990220 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077831780 5 bytes JMP 0000000077990280 .text C:\Windows\system32\taskhost.exe[3188] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007761f1bd 1 byte [62] .text C:\Users\User\Desktop\m57g1hli.exe[2056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c8b0c5 1 byte [62] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff88000f12650] \SystemRoot\System32\Drivers\spzv.sys [unknown section] IAT C:\Windows\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff88000f125dc] \SystemRoot\System32\Drivers\spzv.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88000edd35c] \SystemRoot\System32\Drivers\spzv.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88000edd224] \SystemRoot\System32\Drivers\spzv.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88000edda24] \SystemRoot\System32\Drivers\spzv.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88000eddba0] \SystemRoot\System32\Drivers\spzv.sys [unknown section] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef94d741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef94d5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef94d5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef94d5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef94d7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef94d6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef94d6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef94d7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef94d7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef94d78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef94d4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef94d5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1884] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef94d7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80046ea2c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80046ea2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80046ea2c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80046ea2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 fffffa80046ea2c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80046ea2c0 Device \FileSystem\Ntfs \Ntfs fffffa80046ee2c0 Device \Driver\usbehci \Device\USBPDO-5 fffffa800500e2c0 Device \Driver\usbohci \Device\USBFDO-3 fffffa8004f712c0 Device \Driver\usbohci \Device\USBPDO-1 fffffa8004f712c0 Device \Driver\cdrom \Device\CdRom0 fffffa8004aff2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{9DE36D26-C1CB-4BF3-8327-46E360030919} fffffa8004d012c0 Device \Driver\usbohci \Device\USBPDO-6 fffffa8004f712c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa8004f712c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8004f712c0 Device \Driver\usbehci \Device\USBPDO-2 fffffa800500e2c0 Device \Driver\usbehci \Device\USBFDO-5 fffffa800500e2c0 Device \Driver\usbohci \Device\USBPDO-3 fffffa8004f712c0 Device \Driver\usbohci \Device\USBFDO-1 fffffa8004f712c0 Device \Driver\volmgr \Device\HarddiskVolume1 fffffa80046e62c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{46BFBCE5-3AE4-4105-8FB4-A0B70FD71F45} fffffa8004d012c0 Device \Driver\volmgr \Device\FtControl fffffa80046e62c0 Device \Driver\volmgr \Device\VolMgrControl fffffa80046e62c0 Device \Driver\volmgr \Device\HarddiskVolume2 fffffa80046e62c0 Device \Driver\volmgr \Device\HarddiskVolume3 fffffa80046e62c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004d012c0 Device \Driver\usbohci \Device\USBFDO-6 fffffa8004f712c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa8004f712c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80046ea2c0 Device \Driver\usbehci \Device\USBFDO-2 fffffa800500e2c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8004f712c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80046ea2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80046ea2c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80046ea2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046ea2c0]<< spzv.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80046ea2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ae5060] fffffa8004ae5060 Trace 3 CLASSPNP.SYS[fffff880015c643f] -> nt!IofCallDriver -> [0xfffffa8004857e40] fffffa8004857e40 Trace 5 ACPI.sys[fffff88000e3a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800485c060] fffffa800485c060 Trace \Driver\atapi[0xfffffa8004844060] -> IRP_MJ_CREATE -> 0xfffffa80046ea2c0 fffffa80046ea2c0 ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1860:3996] 0000000075597587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1860:3316] 000000006d910cb3 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1860:932] 0000000077a21c7f Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1860:2736] 0000000077a22c91 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1860:6036] 0000000077a22c91 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA1 0xFD 0x11 0xB0 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0x3A 0xCD 0x6A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x76 0x83 0xFF 0xE1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD5 0x13 0x2E 0xF2 ... ---- EOF - GMER 2.1 ----