GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-15 18:53:01 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST1000DM005_HD103SJ rev.1AJ10001 931,51GB Running: lxq84eys.exe; Driver: C:\Users\admin\AppData\Local\Temp\uwddakob.sys ---- Kernel code sections - GMER 2.1 ---- ? C:\Windows\system32\DRIVERS\Mam3.sys [0] entry point in "init" section fffff88006f2c010 ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 000000014a160460 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 000000014a160450 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 000000014a160370 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 000000014a160470 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 000000014a1603e0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 000000014a160320 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 000000014a1603b0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 000000014a160390 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 000000014a1602e0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 000000014a1602d0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 000000014a160310 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 000000014a1603c0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 000000014a1603f0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 000000014a160230 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 000000014a160480 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 000000014a1603a0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 000000014a1602f0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 000000014a160350 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 000000014a160290 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 000000014a1602b0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 000000014a1603d0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 000000014a160330 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 000000014a160410 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 000000014a160240 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 000000014a1601e0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 000000014a160250 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 000000014a160490 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 000000014a1604a0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 000000014a160300 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 000000014a160360 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 000000014a1602a0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 000000014a1602c0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 000000014a160380 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 000000014a160340 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 000000014a160440 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 000000014a160260 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 000000014a160270 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 000000014a160400 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 000000014a1601f0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 000000014a160210 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 000000014a160200 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 000000014a160420 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 000000014a160430 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 000000014a160220 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 000000014a160280 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 000000014a160460 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 000000014a160450 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 000000014a160370 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 000000014a160470 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 000000014a1603e0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 000000014a160320 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 000000014a1603b0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 000000014a160390 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 000000014a1602e0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 000000014a1602d0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 000000014a160310 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 000000014a1603c0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 000000014a1603f0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 000000014a160230 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 000000014a160480 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 000000014a1603a0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 000000014a1602f0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 000000014a160350 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 000000014a160290 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 000000014a1602b0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 000000014a1603d0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 000000014a160330 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 000000014a160410 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 000000014a160240 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 000000014a1601e0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 000000014a160250 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 000000014a160490 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 000000014a1604a0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 000000014a160300 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 000000014a160360 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 000000014a1602a0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 000000014a1602c0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 000000014a160380 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 000000014a160340 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 000000014a160440 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 000000014a160260 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 000000014a160270 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 000000014a160400 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 000000014a1601f0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 000000014a160210 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 000000014a160200 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 000000014a160420 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 000000014a160430 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 000000014a160220 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 000000014a160280 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\wininit.exe[792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\services.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\nvvsvc.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\System32\svchost.exe[1132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\AUDIODG.EXE[1284] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\Explorer.EXE[1840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\Explorer.EXE[1840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\System32\spoolsv.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\taskhost.exe[1324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\taskeng.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000100080460 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000100080450 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000100080370 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000100080470 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000001000803e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000100080320 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000001000803b0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000100080390 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000001000802e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000001000802d0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000100080310 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000001000803c0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000001000803f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000100080230 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000100080480 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000001000803a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000001000802f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000100080350 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000100080290 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000001000802b0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000001000803d0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000100080330 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000100080410 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000100080240 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000001000801e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000100080250 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000100080490 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000001000804a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000100080300 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000100080360 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000001000802a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000001000802c0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000100080380 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000100080340 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000100080440 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000100080260 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000100080270 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000100080400 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000001000801f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000100080210 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000100080200 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000100080420 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000100080430 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000100080220 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000100080280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2284] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754f1465 2 bytes [4F, 75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754f14bb 2 bytes [4F, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000100070250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000100070490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000100070210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000100070460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000100070370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000100070470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000100070320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000100070390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000100070310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000100070230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000100070250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000100070490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000100070460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000100070370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000100070470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000100070320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000100070390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000100070310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000100070230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000100070250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000100070490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2544] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754f1465 2 bytes [4F, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754f14bb 2 bytes [4F, 75] .text ... * 2 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2724] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2724] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000754f1465 2 bytes [4F, 75] .text C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2724] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000754f14bb 2 bytes [4F, 75] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2948] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000758e8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[2968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2028] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[1584] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000758e3495 5 bytes JMP 00000001024aa7c0 .text C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[1584] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\conhost.exe[2636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[3612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[3612] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000750c1a22 2 bytes [0C, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[3612] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000750c1ad0 2 bytes [0C, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[3612] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000750c1b08 2 bytes [0C, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[3612] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000750c1bba 2 bytes [0C, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[3612] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000750c1bda 2 bytes [0C, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754f1465 2 bytes [4F, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754f14bb 2 bytes [4F, 75] .text ... * 2 .text C:\Windows\SysWOW64\PSIService.exe[3636] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\svchost.exe[3760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\wbem\wmiprvse.exe[4092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000100070280 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Program Files\iPod\bin\iPodService.exe[4308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\svchost.exe[4624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\svchost.exe[5112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\System32\svchost.exe[5340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000077940460 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000077940450 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000077940370 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000077940470 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000000779403e0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000077940320 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000000779403b0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000077940390 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000000779402e0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000000779402d0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000077940310 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000000779403c0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000000779403f0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000077940230 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000077940480 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000000779403a0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000000779402f0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000077940350 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000077940290 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000000779402b0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000000779403d0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000077940330 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000077940410 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000077940240 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000000779401e0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000077940250 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000077940490 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000000779404a0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000077940300 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000077940360 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000000779402a0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000000779402c0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000077940380 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000077940340 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000077940440 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000077940260 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000077940270 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000077940400 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000000779401f0 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000077940210 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000077940200 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000077940420 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000077940430 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000077940220 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000077940280 .text C:\Windows\System32\svchost.exe[1928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754f1465 2 bytes [4F, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754f14bb 2 bytes [4F, 75] .text ... * 2 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777e1360 5 bytes JMP 0000000100070460 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777e13b0 5 bytes JMP 0000000100070450 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777e1510 5 bytes JMP 0000000100070370 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777e1560 5 bytes JMP 0000000100070470 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777e1570 5 bytes JMP 00000001000703e0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777e1620 5 bytes JMP 0000000100070320 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777e1650 5 bytes JMP 00000001000703b0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777e1670 5 bytes JMP 0000000100070390 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777e16b0 5 bytes JMP 00000001000702e0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777e1730 5 bytes JMP 00000001000702d0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777e1750 5 bytes JMP 0000000100070310 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777e1790 5 bytes JMP 00000001000703c0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777e17e0 5 bytes JMP 00000001000703f0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777e1940 5 bytes JMP 0000000100070230 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777e1b00 5 bytes JMP 0000000100070480 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777e1b30 5 bytes JMP 00000001000703a0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777e1c10 5 bytes JMP 00000001000702f0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777e1c20 5 bytes JMP 0000000100070350 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777e1c80 5 bytes JMP 0000000100070290 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777e1d10 5 bytes JMP 00000001000702b0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777e1d30 5 bytes JMP 00000001000703d0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777e1d40 5 bytes JMP 0000000100070330 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777e1db0 5 bytes JMP 0000000100070410 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777e1de0 5 bytes JMP 0000000100070240 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777e20a0 5 bytes JMP 00000001000701e0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777e2160 5 bytes JMP 0000000100070250 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777e2190 5 bytes JMP 0000000100070490 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777e21a0 5 bytes JMP 00000001000704a0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777e21d0 5 bytes JMP 0000000100070300 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777e21e0 5 bytes JMP 0000000100070360 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777e2240 5 bytes JMP 00000001000702a0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777e2290 5 bytes JMP 00000001000702c0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777e22c0 5 bytes JMP 0000000100070380 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777e22d0 5 bytes JMP 0000000100070340 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777e25c0 5 bytes JMP 0000000100070440 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777e27c0 5 bytes JMP 0000000100070260 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777e27d0 5 bytes JMP 0000000100070270 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777e27e0 5 bytes JMP 0000000100070400 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777e29a0 5 bytes JMP 00000001000701f0 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777e29b0 5 bytes JMP 0000000100070210 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777e2a20 5 bytes JMP 0000000100070200 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777e2a80 5 bytes JMP 0000000100070420 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777e2a90 5 bytes JMP 0000000100070430 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777e2aa0 5 bytes JMP 0000000100070220 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777e2b80 5 bytes JMP 0000000100070280 .text C:\Users\admin\Desktop\Mam3PAN.exe[6520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000775cef8d 1 byte [62] .text C:\Users\admin\Desktop\lxq84eys.exe[7148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007590a2fd 1 byte [62] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800101ae94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800101ac38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800101b614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800101ba10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800101b86c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa800c6f02c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa800c6f02c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa800c6f02c0 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 fffffa800c6f02c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa800c6f02c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa800c6f02c0 Device \Driver\ak94aqy0 \Device\Scsi\ak94aqy01Port4Path0Target0Lun0 fffffa800e0b02c0 Device \Driver\ak94aqy0 \Device\Scsi\ak94aqy01 fffffa800e0b02c0 Device \FileSystem\Ntfs \Ntfs fffffa800c6f42c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa800deee2c0 Device \Driver\cdrom \Device\CdRom0 fffffa800db8e2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1120887E-0A0E-4B30-99CA-B978488219C5} fffffa800dc972c0 Device \Driver\cdrom \Device\CdRom1 fffffa800db8e2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{87350B16-6591-49F4-8D72-7201A0867706} fffffa800dc972c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa800deee2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa800da9d2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{588B3E8B-CC3E-4313-AB5D-BF07BCF1E6CB} fffffa800dc972c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{6D4CD40D-C28E-4A45-A2F7-C2BABCCDE501} fffffa800dc972c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa800deee2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{4C377EFD-8026-4944-8A84-57B110820A3A} fffffa800dc972c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800dc972c0 Device \Driver\atapi \Device\ScsiPort0 fffffa800c6f02c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa800deee2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa800c6f02c0 Device \Driver\atapi \Device\ScsiPort2 fffffa800c6f02c0 Device \Driver\atapi \Device\ScsiPort3 fffffa800c6f02c0 Device \Driver\ak94aqy0 \Device\ScsiPort4 fffffa800e0b02c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800c6f02c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa800c6f02c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d7b3790] fffffa800d7b3790 Trace 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800d530680] fffffa800d530680 Trace \Driver\atapi[0xfffffa800d383ca0] -> IRP_MJ_CREATE -> 0xfffffa800c6f02c0 fffffa800c6f02c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\ak94aqy0.SYS fffff88008400000-fffff88008451000 (331776 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2176:5564] 000007fef5d94094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2176:5924] 000007fef5d94094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2176:2400] 000007fef014c0d0 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1840] (GG drive overlay/GG Network S.A.)(2013-11-13 09:40:33) 000000005c080000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2724](2014-07-30 00:20:20) 0000000003fd0000 Library c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsiyspg.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2724](2014-08-15 15:04:10) 0000000004420000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2724](2013-08-23 19:01:44) 00000000614e0000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2724] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 00000000672c0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x2D 0xA5 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0xF5 0x36 0xF3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0x27 0x78 0xAA ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpDomain home Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 192.168.1.1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x2D 0xA5 0x58 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0xF5 0x36 0xF3 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0x27 0x78 0xAA ... ---- EOF - GMER 2.1 ----