GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-06 11:08:50 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AR1 931,51GB Running: 331rhm5s.exe; Driver: C:\Users\euro\AppData\Local\Temp\uxldrpod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037fd000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff800037fd042 4 bytes [00, 00, 00, 00] ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000149b70440 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000149b70430 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000149b70450 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000149b703b0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000149b70320 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000149b70380 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000149b702e0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000149b70410 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000149b702d0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000149b70310 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000149b70390 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000149b703c0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000149b70230 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000149b70460 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000149b70370 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000149b702f0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000149b70350 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000149b70290 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000149b702b0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000149b703a0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000149b70330 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000149b703e0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000149b70240 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000149b701e0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000149b70250 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000149b70470 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000149b70480 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000149b70300 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000149b70360 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000149b702a0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000149b702c0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000149b70340 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000149b70420 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000149b70260 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000149b70270 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000149b703d0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000149b701f0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000149b70210 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000149b70200 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000149b703f0 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000149b70400 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000149b70220 .text C:\windows\system32\csrss.exe[528] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000149b70280 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000149b70440 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000149b70430 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000149b70450 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000149b703b0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000149b70320 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000149b70380 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000149b702e0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000149b70410 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000149b702d0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000149b70310 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000149b70390 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000149b703c0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000149b70230 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000149b70460 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000149b70370 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000149b702f0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000149b70350 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000149b70290 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000149b702b0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000149b703a0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000149b70330 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000149b703e0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000149b70240 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000149b701e0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000149b70250 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000149b70470 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000149b70480 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000149b70300 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000149b70360 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000149b702a0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000149b702c0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000149b70340 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000149b70420 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000149b70260 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000149b70270 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000149b703d0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000149b701f0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000149b70210 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000149b70200 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000149b703f0 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000149b70400 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000149b70220 .text C:\windows\system32\csrss.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000149b70280 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\wininit.exe[628] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\wininit.exe[628] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\services.exe[684] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\services.exe[684] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\lsass.exe[692] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000100070440 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000100070430 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000100070450 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 00000001000703b0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000100070320 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000100070380 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000100070410 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000100070310 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000100070390 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 00000001000703c0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000100070230 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000100070460 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000100070370 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 00000001000703e0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000100070250 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000100070470 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000100070480 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000100070420 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 00000001000703d0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 00000001000703f0 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000100070400 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\lsm.exe[704] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\winlogon.exe[752] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\winlogon.exe[752] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\svchost.exe[844] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\nvvsvc.exe[928] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\svchost.exe[968] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\System32\svchost.exe[536] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\System32\svchost.exe[516] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\svchost.exe[792] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\svchost.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\svchost.exe[1028] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 00000001000703b0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000100070230 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000100070250 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[1240] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1292] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\nvvsvc.exe[1332] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\WLANExt.exe[1504] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\System32\spoolsv.exe[1644] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 00000001000703b0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000100070230 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000100070250 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 000000010026075c .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001002603a4 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 0000000100260b14 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 0000000100260ecc .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 000000010026163c .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 0000000100261284 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\system32\taskhost.exe[2112] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 000000010024075c .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001002403a4 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 0000000100240b14 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 0000000100240ecc .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 000000010024163c .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 0000000100241284 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\system32\Dwm.exe[2188] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 00000001002e075c .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001002e03a4 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000100070440 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000100070430 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 00000001002e0b14 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 00000001002e0ecc .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000100070450 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 00000001002e163c .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000100070320 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000100070380 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 00000001000702e0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000100070410 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 00000001000702d0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000100070310 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000100070390 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 00000001002e1284 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 00000001000703c0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000100070230 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000100070460 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000100070370 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 00000001000702f0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000100070350 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000100070290 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 00000001000702b0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 00000001000703a0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000100070330 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 00000001000703e0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000100070240 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 00000001000701e0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000100070250 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000100070470 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000100070480 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000100070300 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000100070360 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 00000001000702a0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 00000001000702c0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000100070340 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000100070420 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000100070260 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000100070270 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 00000001000703d0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 00000001000701f0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000100070210 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000100070200 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 00000001000703f0 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000100070400 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000100070220 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000100070280 .text C:\windows\Explorer.EXE[2216] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\Explorer.EXE[2216] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077945181 5 bytes JMP 0000000100101014 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077945254 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000779453d5 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000779454c2 5 bytes JMP 0000000100100c0c .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000779455e2 5 bytes JMP 0000000100100e10 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007794567c 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007794589f 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077945a22 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007709ee09 5 bytes JMP 00000001001301f8 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\syswow64\USER32.dll!UnhookWinEvent 00000000770a3982 5 bytes JMP 00000001001303fc .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770a7603 5 bytes JMP 0000000100130804 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770a835c 5 bytes JMP 0000000100130600 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770bf52b 5 bytes JMP 0000000100130a08 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777d1465 2 bytes [7D, 77] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2464] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777d14bb 2 bytes [7D, 77] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2612] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2612] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2612] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2612] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2612] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2612] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2612] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007709ee09 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\syswow64\USER32.dll!UnhookWinEvent 00000000770a3982 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770a7603 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770a835c 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770bf52b 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077945181 5 bytes JMP 0000000100111014 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077945254 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000779453d5 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000779454c2 5 bytes JMP 0000000100110c0c .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000779455e2 5 bytes JMP 0000000100110e10 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007794567c 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007794589f 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077945a22 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777d1465 2 bytes [7D, 77] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777d14bb 2 bytes [7D, 77] .text ... * 2 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100030600 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100030804 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100030c0c .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100030a08 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001000301f8 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001000303fc .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077945181 5 bytes JMP 0000000100241014 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077945254 5 bytes JMP 0000000100240804 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000779453d5 5 bytes JMP 0000000100240a08 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000779454c2 5 bytes JMP 0000000100240c0c .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000779455e2 5 bytes JMP 0000000100240e10 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007794567c 5 bytes JMP 00000001002401f8 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007794589f 5 bytes JMP 00000001002403fc .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077945a22 5 bytes JMP 0000000100240600 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007709ee09 5 bytes JMP 00000001002501f8 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\syswow64\USER32.dll!UnhookWinEvent 00000000770a3982 5 bytes JMP 00000001002503fc .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770a7603 5 bytes JMP 0000000100250804 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770a835c 5 bytes JMP 0000000100250600 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2768] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770bf52b 5 bytes JMP 0000000100250a08 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 000000010019075c .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001001903a4 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 0000000100190b14 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 0000000100190ecc .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 000000010019163c .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 0000000100191284 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\system32\taskeng.exe[2776] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 00000001001f075c .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001001f03a4 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 00000001001f0b14 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 00000001001f0ecc .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 00000001001f163c .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 00000001001f1284 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\system32\taskeng.exe[2828] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2912] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2912] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2912] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2912] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2912] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2912] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2912] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007709ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\syswow64\USER32.dll!UnhookWinEvent 00000000770a3982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770a7603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770a835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770bf52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077945181 5 bytes JMP 0000000100261014 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077945254 5 bytes JMP 0000000100260804 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000779453d5 5 bytes JMP 0000000100260a08 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000779454c2 5 bytes JMP 0000000100260c0c .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000779455e2 5 bytes JMP 0000000100260e10 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007794567c 5 bytes JMP 00000001002601f8 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007794589f 5 bytes JMP 00000001002603fc .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2484] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077945a22 5 bytes JMP 0000000100260600 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 000000010013075c .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001001303a4 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 0000000100130b14 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 0000000100130ecc .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 000000010013163c .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 0000000100131284 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\system32\svchost.exe[780] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 000000010045075c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001004503a4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 0000000100450b14 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 0000000100450ecc .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 000000010045163c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 0000000100451284 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3180] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 000000010021075c .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001002103a4 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 0000000100210b14 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 0000000100210ecc .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 000000010021163c .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 0000000100211284 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\Program Files\Elantech\ETDCtrl.exe[3364] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 00000001002e075c .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001002e03a4 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 00000001002e0b14 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 00000001002e0ecc .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 00000001002e163c .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 00000001002e1284 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[3384] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 000000010014075c .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001001403a4 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000100070440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000100070430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 0000000100140b14 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 0000000100140ecc .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000100070450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 000000010014163c .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000100070320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000100070380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000100070410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000100070310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000100070390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 0000000100141284 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 00000001000703c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000100070230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000100070460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000100070370 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 00000001000703e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000100070250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000100070470 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000100070480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000100070420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 00000001000703d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 00000001000703f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000100070400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\Program Files\Windows Sidebar\sidebar.exe[3880] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 00000001001e075c .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001001e03a4 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 00000001001e0b14 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 00000001001e0ecc .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 00000001001e163c .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 00000001001e1284 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\Windows\System32\StikyNot.exe[3332] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3132] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007709ee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\syswow64\USER32.dll!UnhookWinEvent 00000000770a3982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770a7603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770a835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770bf52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077945181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077945254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000779453d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000779454c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000779455e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007794567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007794589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3460] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077945a22 5 bytes JMP 0000000100250600 .text C:\windows\system32\svchost.exe[3388] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\system32\svchost.exe[3388] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\system32\svchost.exe[3388] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\system32\svchost.exe[3388] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\system32\svchost.exe[3388] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\system32\svchost.exe[3388] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\system32\svchost.exe[3388] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\system32\svchost.exe[3388] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\windows\system32\svchost.exe[4000] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\system32\svchost.exe[4000] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\system32\svchost.exe[4000] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\system32\svchost.exe[4000] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\system32\svchost.exe[4000] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\system32\svchost.exe[4000] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\system32\svchost.exe[4000] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\system32\svchost.exe[4000] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 000000010032075c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001003203a4 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 0000000100320b14 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 0000000100320ecc .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 000000010032163c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 0000000100321284 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1844] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 00000001002c075c .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001002c03a4 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 00000001002c0b14 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 00000001002c0ecc .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 00000001002c163c .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 00000001002c1284 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\system32\SearchIndexer.exe[4556] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4892] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4892] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4892] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4892] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4892] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4892] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4892] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4892] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4892] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100240600 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100240804 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100240c0c .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100240a08 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001002401f8 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001002403fc .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007709ee09 5 bytes JMP 00000001002501f8 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\syswow64\USER32.dll!UnhookWinEvent 00000000770a3982 5 bytes JMP 00000001002503fc .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770a7603 5 bytes JMP 0000000100250804 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770a835c 5 bytes JMP 0000000100250600 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770bf52b 5 bytes JMP 0000000100250a08 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077945181 5 bytes JMP 0000000100261014 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077945254 5 bytes JMP 0000000100260804 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000779453d5 5 bytes JMP 0000000100260a08 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000779454c2 5 bytes JMP 0000000100260c0c .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000779455e2 5 bytes JMP 0000000100260e10 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007794567c 5 bytes JMP 00000001002601f8 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007794589f 5 bytes JMP 00000001002603fc .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077945a22 5 bytes JMP 0000000100260600 .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000777d1465 2 bytes [7D, 77] .text C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe[5096] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000777d14bb 2 bytes [7D, 77] .text ... * 2 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 00000001003b075c .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001003b03a4 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000100070440 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000100070430 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 00000001003b0b14 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 00000001003b0ecc .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000100070450 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 00000001003b163c .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000100070320 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000100070380 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 00000001000702e0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000100070410 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 00000001000702d0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000100070310 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000100070390 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 00000001003b1284 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 00000001000703c0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000100070230 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000100070460 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000100070370 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 00000001000702f0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000100070350 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000100070290 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 00000001000702b0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 00000001000703a0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000100070330 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 00000001000703e0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000100070240 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 00000001000701e0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000100070250 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000100070470 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000100070480 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000100070300 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000100070360 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 00000001000702a0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 00000001000702c0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000100070340 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000100070420 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000100070260 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000100070270 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 00000001000703d0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 00000001000701f0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000100070210 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000100070200 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 00000001000703f0 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000100070400 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000100070220 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000100070280 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\System32\svchost.exe[4780] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077945181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077945254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000779453d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000779454c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000779455e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007794567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007794589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077945a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007709ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\syswow64\USER32.dll!UnhookWinEvent 00000000770a3982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770a7603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770a835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2084] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770bf52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007709ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\syswow64\USER32.dll!UnhookWinEvent 00000000770a3982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770a7603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770a835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770bf52b 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077945181 5 bytes JMP 0000000100261014 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077945254 5 bytes JMP 0000000100260804 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000779453d5 5 bytes JMP 0000000100260a08 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000779454c2 5 bytes JMP 0000000100260c0c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000779455e2 5 bytes JMP 0000000100260e10 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007794567c 5 bytes JMP 00000001002601f8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007794589f 5 bytes JMP 00000001002603fc .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077945a22 5 bytes JMP 0000000100260600 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777d1465 2 bytes [7D, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3896] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777d14bb 2 bytes [7D, 77] .text ... * 2 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 000000010051075c .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001005103a4 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 0000000100510b14 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 0000000100510ecc .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 000000010051163c .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 0000000100511284 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\system32\DllHost.exe[4452] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 000000010010075c .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001001003a4 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 0000000100100b14 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 0000000100100ecc .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 000000010010163c .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 0000000100101284 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\system32\svchost.exe[560] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\windows\System32\svchost.exe[5280] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\System32\svchost.exe[5280] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\System32\svchost.exe[5280] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\System32\svchost.exe[5280] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\System32\svchost.exe[5280] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\System32\svchost.exe[5280] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\System32\svchost.exe[5280] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\System32\svchost.exe[5280] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c53b10 5 bytes JMP 00000001002c075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077c57ac0 5 bytes JMP 00000001002c03a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c81430 5 bytes JMP 00000001002c0b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c81490 5 bytes JMP 00000001002c0ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 00000001002c163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c817b0 5 bytes JMP 00000001002c1284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5436] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[5960] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[5960] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[5960] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[5960] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[5960] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[5960] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[5960] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[5960] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077945181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077945254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000779453d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000779454c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000779455e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007794567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007794589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077945a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007709ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\syswow64\USER32.dll!UnhookWinEvent 00000000770a3982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770a7603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770a835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5804] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770bf52b 5 bytes JMP 0000000100250a08 .text C:\windows\system32\svchost.exe[3624] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1c6e00 5 bytes JMP 000007ff7e1e1dac .text C:\windows\system32\svchost.exe[3624] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1c6f2c 5 bytes JMP 000007ff7e1e0ecc .text C:\windows\system32\svchost.exe[3624] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1c7220 5 bytes JMP 000007ff7e1e1284 .text C:\windows\system32\svchost.exe[3624] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1c739c 5 bytes JMP 000007ff7e1e163c .text C:\windows\system32\svchost.exe[3624] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1c7538 5 bytes JMP 000007ff7e1e19f4 .text C:\windows\system32\svchost.exe[3624] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1c75e8 5 bytes JMP 000007ff7e1e03a4 .text C:\windows\system32\svchost.exe[3624] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1c790c 5 bytes JMP 000007ff7e1e075c .text C:\windows\system32\svchost.exe[3624] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1c7ab4 5 bytes JMP 000007ff7e1e0b14 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100030600 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100030804 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100030c0c .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100030a08 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001000301f8 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001000303fc .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\syswow64\user32.DLL!SetWinEventHook 000000007709ee09 5 bytes JMP 00000001002501f8 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\syswow64\user32.DLL!UnhookWinEvent 00000000770a3982 5 bytes JMP 00000001002503fc .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\syswow64\user32.DLL!SetWindowsHookExW 00000000770a7603 5 bytes JMP 0000000100250804 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\syswow64\user32.DLL!SetWindowsHookExA 00000000770a835c 5 bytes JMP 0000000100250600 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\syswow64\user32.DLL!UnhookWindowsHookEx 00000000770bf52b 5 bytes JMP 0000000100250a08 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077945181 5 bytes JMP 0000000100261014 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077945254 5 bytes JMP 0000000100260804 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000779453d5 5 bytes JMP 0000000100260a08 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000779454c2 5 bytes JMP 0000000100260c0c .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000779455e2 5 bytes JMP 0000000100260e10 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007794567c 5 bytes JMP 00000001002601f8 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007794589f 5 bytes JMP 00000001002603fc .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077945a22 5 bytes JMP 0000000100260600 .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 69 00000000777d1465 2 bytes [7D, 77] .text C:\Users\euro\Desktop\Downloads\OTL.exe[6072] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000777d14bb 2 bytes [7D, 77] .text ... * 2 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077e2fac0 5 bytes JMP 0000000100030600 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077e2fb58 5 bytes JMP 0000000100030804 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e2fcb0 5 bytes JMP 0000000100030c0c .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e30038 5 bytes JMP 0000000100030a08 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077e4c4dd 5 bytes JMP 00000001000301f8 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e51287 5 bytes JMP 00000001000303fc .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007709ee09 5 bytes JMP 00000001001001f8 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\syswow64\USER32.dll!UnhookWinEvent 00000000770a3982 5 bytes JMP 00000001001003fc .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770a7603 5 bytes JMP 0000000100100804 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770a835c 5 bytes JMP 0000000100100600 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770bf52b 5 bytes JMP 0000000100100a08 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077945181 5 bytes JMP 0000000100161014 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077945254 5 bytes JMP 0000000100160804 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000779453d5 5 bytes JMP 0000000100160a08 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000779454c2 5 bytes JMP 0000000100160c0c .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000779455e2 5 bytes JMP 0000000100160e10 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007794567c 5 bytes JMP 00000001001601f8 .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007794589f 5 bytes JMP 00000001001603fc .text C:\windows\SysWOW64\ctfmon.exe[2956] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000077945a22 5 bytes JMP 0000000100160600 .text C:\windows\notepad.exe[4820] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c81360 5 bytes JMP 0000000077de0440 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c813b0 5 bytes JMP 0000000077de0430 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c81560 5 bytes JMP 0000000077de0450 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c81570 5 bytes JMP 0000000077de03b0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c81620 5 bytes JMP 0000000077de0320 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c81650 5 bytes JMP 0000000077de0380 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c816b0 5 bytes JMP 0000000077de02e0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c81700 5 bytes JMP 0000000077de0410 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c81730 5 bytes JMP 0000000077de02d0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c81750 5 bytes JMP 0000000077de0310 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c81790 5 bytes JMP 0000000077de0390 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c817e0 5 bytes JMP 0000000077de03c0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c81940 5 bytes JMP 0000000077de0230 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c81b00 5 bytes JMP 0000000077de0460 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c81b30 5 bytes JMP 0000000077de0370 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c81c10 5 bytes JMP 0000000077de02f0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c81c20 5 bytes JMP 0000000077de0350 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c81c80 5 bytes JMP 0000000077de0290 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c81d10 5 bytes JMP 0000000077de02b0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c81d30 5 bytes JMP 0000000077de03a0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c81d40 5 bytes JMP 0000000077de0330 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c81db0 5 bytes JMP 0000000077de03e0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c81de0 5 bytes JMP 0000000077de0240 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c820a0 5 bytes JMP 0000000077de01e0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c82160 5 bytes JMP 0000000077de0250 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c82190 5 bytes JMP 0000000077de0470 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c821a0 5 bytes JMP 0000000077de0480 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c821d0 5 bytes JMP 0000000077de0300 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c821e0 5 bytes JMP 0000000077de0360 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c82240 5 bytes JMP 0000000077de02a0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c82290 5 bytes JMP 0000000077de02c0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c822d0 5 bytes JMP 0000000077de0340 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c825c0 5 bytes JMP 0000000077de0420 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c827c0 5 bytes JMP 0000000077de0260 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c827d0 5 bytes JMP 0000000077de0270 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c827e0 5 bytes JMP 0000000077de03d0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c829a0 5 bytes JMP 0000000077de01f0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c829b0 5 bytes JMP 0000000077de0210 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c82a20 5 bytes JMP 0000000077de0200 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c82a80 5 bytes JMP 0000000077de03f0 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c82a90 5 bytes JMP 0000000077de0400 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c82aa0 5 bytes JMP 0000000077de0220 .text C:\windows\notepad.exe[5876] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c82b80 5 bytes JMP 0000000077de0280 .text C:\windows\notepad.exe[5876] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a6ef8d 1 byte [62] .text C:\Users\euro\Desktop\Downloads\331rhm5s.exe[1872] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758ea2fd 1 byte [62] ---- Devices - GMER 2.1 ---- Device \Driver\MBAMWebAccessControl \Device\StreamEitor fffff8800acaa588 Device \FileSystem\MBAMSwissArmy \Device\MBAMSwissArmy fffff8800ac9e104 ---- Processes - GMER 2.1 ---- Library C:\Users\euro\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2014-07-21 20:53:38) 00000000040b0000 Library c:\users\euro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_nb1e5.dll (*** suspicious ***) @ C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2014-08-06 07:09:55) 0000000004500000 Library C:\Users\euro\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2013-10-18 23:55:02) 0000000065ff0000 Library C:\Users\euro\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\euro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 00000000686e0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00006b0289b0 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4dee0ddd6 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00006b0289b0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4dee0ddd6 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----