GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-01 17:57:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC38 465,76GB Running: e9gygbz5.exe; Driver: C:\Users\KEMOT5~1\AppData\Local\Temp\pgddipoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fbd000 45 bytes [00, 00, 1E, 00, 4E, 74, 66, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fbd02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 000000014a260460 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 000000014a260450 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 000000014a260370 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 000000014a260470 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 000000014a2603e0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 000000014a260320 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 000000014a2603b0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 000000014a260390 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 000000014a2602e0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 000000014a2602d0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 000000014a260310 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 000000014a2603c0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 000000014a2603f0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 000000014a260230 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 000000014a260480 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 000000014a2603a0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 000000014a2602f0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 000000014a260350 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 000000014a260290 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 000000014a2602b0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 000000014a2603d0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 000000014a260330 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 000000014a260410 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 000000014a260240 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 000000014a2601e0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 000000014a260250 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 000000014a260490 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 000000014a2604a0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 000000014a260300 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 000000014a260360 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 000000014a2602a0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 000000014a2602c0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 000000014a260380 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 000000014a260340 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 000000014a260440 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 000000014a260260 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 000000014a260270 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 000000014a260400 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 000000014a2601f0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 000000014a260210 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 000000014a260200 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 000000014a260420 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 000000014a260430 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 000000014a260220 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 000000014a260280 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\wininit.exe[504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 000000014a260460 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 000000014a260450 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 000000014a260370 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 000000014a260470 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 000000014a2603e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 000000014a260320 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 000000014a2603b0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 000000014a260390 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 000000014a2602e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 000000014a2602d0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 000000014a260310 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 000000014a2603c0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 000000014a2603f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 000000014a260230 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 000000014a260480 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 000000014a2603a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 000000014a2602f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 000000014a260350 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 000000014a260290 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 000000014a2602b0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 000000014a2603d0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 000000014a260330 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 000000014a260410 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 000000014a260240 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 000000014a2601e0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 000000014a260250 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 000000014a260490 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 000000014a2604a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 000000014a260300 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 000000014a260360 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 000000014a2602a0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 000000014a2602c0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 000000014a260380 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 000000014a260340 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 000000014a260440 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 000000014a260260 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 000000014a260270 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 000000014a260400 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 000000014a2601f0 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 000000014a260210 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 000000014a260200 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 000000014a260420 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 000000014a260430 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 000000014a260220 .text C:\Windows\system32\csrss.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 000000014a260280 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\services.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\winlogon.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\lsm.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\nvvsvc.exe[832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[856] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\System32\svchost.exe[120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\svchost.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\svchost.exe[452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\svchost.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1296] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\nvvsvc.exe[1304] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\taskhost.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\svchost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\Dwm.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1884] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[984] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073fb1a22 2 bytes [FB, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[984] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073fb1ad0 2 bytes [FB, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[984] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073fb1b08 2 bytes [FB, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[984] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073fb1bba 2 bytes [FB, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[984] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073fb1bda 2 bytes [FB, 73] .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000100070460 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000100070450 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000100070370 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000100070470 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000001000703e0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000100070320 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000001000703b0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000100070390 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000001000702d0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000100070310 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000001000703c0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000100070230 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000100070480 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000100070350 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000100070290 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000100070330 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000100070410 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000100070240 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000100070250 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000100070490 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000100070300 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000100070360 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000001000702a0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000001000702c0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000100070380 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000100070340 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000100070440 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000100070260 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000100070270 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000100070400 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000100070210 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000100070200 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000100070420 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000100070430 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\explorer.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000100070280 .text C:\Windows\explorer.exe[1456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000100070250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000100070490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000100070210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\conhost.exe[2564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\System32\rundll32.exe[2736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2812] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text C:\Users\kemot5647\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\System32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Program Files (x86)\Audacity\audacity.exe[3824] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000074dc3f1c 2 bytes JMP 0000000167979490 .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\kernel32.dll!CreateFileW + 3 0000000074dc3f1f 2 bytes [BB, F2] .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075638e4e 5 bytes JMP 0000000167978c40 .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075640dfb 5 bytes JMP 0000000167978bd0 .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\USER32.dll!SetFocus 0000000075642175 5 bytes JMP 0000000167978c20 .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\USER32.dll!SetActiveWindow 0000000075643208 5 bytes JMP 0000000167978c90 .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000075647b3b 5 bytes JMP 0000000167978b30 .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 000000007565f170 5 bytes JMP 0000000167978b00 .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 00000000756790fc 5 bytes JMP 0000000167978b60 .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 0000000075697d97 5 bytes JMP 0000000167978b80 .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\ole32.dll!DoDragDrop 0000000074bba827 5 bytes JMP 0000000167978ae0 .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075341465 2 bytes [34, 75] .text D:\Program Files (x86)\Origin\Origin.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753414bb 2 bytes [34, 75] .text ... * 2 .text D:\Program Files (x86)\Origin\OriginClientService.exe[4120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text D:\Program Files (x86)\Origin\OriginClientService.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075341465 2 bytes [34, 75] .text D:\Program Files (x86)\Origin\OriginClientService.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753414bb 2 bytes [34, 75] .text ... * 2 .text C:\Program Files (x86)\Steam\Steam.exe[4592] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text C:\Program Files (x86)\Steam\Steam.exe[4592] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075341465 2 bytes [34, 75] .text C:\Program Files (x86)\Steam\Steam.exe[4592] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000753414bb 2 bytes [34, 75] .text ... * 2 .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075341465 2 bytes [34, 75] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753414bb 2 bytes [34, 75] .text ... * 2 .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2668] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075341465 2 bytes [34, 75] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753414bb 2 bytes [34, 75] .text ... * 2 .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075341465 2 bytes [34, 75] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753414bb 2 bytes [34, 75] .text ... * 2 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\SndVol.exe[4984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007708ef8d 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075341465 2 bytes [34, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753414bb 2 bytes [34, 75] .text ... * 2 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1536] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000073cf11a8 2 bytes [CF, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1536] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000073cf13a8 2 bytes [CF, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1536] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000073cf1422 2 bytes [CF, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1536] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000073cf1498 2 bytes [CF, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[6008] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrB.exe[6008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073fb1a22 2 bytes [FB, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[6008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073fb1ad0 2 bytes [FB, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[6008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073fb1b08 2 bytes [FB, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[6008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073fb1bba 2 bytes [FB, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[6008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073fb1bda 2 bytes [FB, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[6008] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075341465 2 bytes [34, 75] .text C:\Windows\SysWOW64\PnkBstrB.exe[6008] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000753414bb 2 bytes [34, 75] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\taskhost.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000771a1360 5 bytes JMP 0000000077300460 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771a13b0 5 bytes JMP 0000000077300450 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771a1510 5 bytes JMP 0000000077300370 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000771a1560 5 bytes JMP 0000000077300470 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771a1570 5 bytes JMP 00000000773003e0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771a1620 5 bytes JMP 0000000077300320 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771a1650 5 bytes JMP 00000000773003b0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771a1670 5 bytes JMP 0000000077300390 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771a16b0 5 bytes JMP 00000000773002e0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000771a1730 5 bytes JMP 00000000773002d0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771a1750 5 bytes JMP 0000000077300310 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771a1790 5 bytes JMP 00000000773003c0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771a17e0 5 bytes JMP 00000000773003f0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000771a1940 5 bytes JMP 0000000077300230 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000771a1b00 5 bytes JMP 0000000077300480 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000771a1b30 5 bytes JMP 00000000773003a0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000771a1c10 5 bytes JMP 00000000773002f0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000771a1c20 5 bytes JMP 0000000077300350 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771a1c80 5 bytes JMP 0000000077300290 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000771a1d10 5 bytes JMP 00000000773002b0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771a1d30 5 bytes JMP 00000000773003d0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000771a1d40 5 bytes JMP 0000000077300330 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000771a1db0 5 bytes JMP 0000000077300410 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000771a1de0 5 bytes JMP 0000000077300240 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771a20a0 5 bytes JMP 00000000773001e0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000771a2160 5 bytes JMP 0000000077300250 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000771a2190 5 bytes JMP 0000000077300490 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771a21a0 5 bytes JMP 00000000773004a0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771a21d0 5 bytes JMP 0000000077300300 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771a21e0 5 bytes JMP 0000000077300360 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000771a2240 5 bytes JMP 00000000773002a0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000771a2290 5 bytes JMP 00000000773002c0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771a22c0 5 bytes JMP 0000000077300380 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771a22d0 5 bytes JMP 0000000077300340 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771a25c0 5 bytes JMP 0000000077300440 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771a27c0 5 bytes JMP 0000000077300260 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771a27d0 5 bytes JMP 0000000077300270 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771a27e0 5 bytes JMP 0000000077300400 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771a29a0 5 bytes JMP 00000000773001f0 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771a29b0 5 bytes JMP 0000000077300210 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000771a2a20 5 bytes JMP 0000000077300200 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000771a2a80 5 bytes JMP 0000000077300420 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000771a2a90 5 bytes JMP 0000000077300430 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771a2aa0 5 bytes JMP 0000000077300220 .text C:\Windows\system32\AUDIODG.EXE[4572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771a2b80 5 bytes JMP 0000000077300280 .text C:\Users\kemot5647\Desktop\e9gygbz5.exe[5084] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074dea2fd 1 byte [62] ---- Files - GMER 2.1 ---- File C:\Users\kemot5647\AppData\Local\Temp\audacity_temp\project673 0 bytes File C:\Users\kemot5647\AppData\Local\Temp\audacity_temp\project673\e00 0 bytes File C:\Users\kemot5647\AppData\Roaming\Audacity\AutoSave\Nowy projekt - 2014-09-01 12-48-41 N-14.autosave 40767 bytes File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes ---- EOF - GMER 2.1 ----