GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-06 09:01:01
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC4B 931,51GB
Running: 2vornp0u.exe; Driver: C:\Users\Patryk\AppData\Local\Temp\ffdoipob.sys

---- User code sections - GMER 2.1 ----
byte [62] .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 
5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\lsass.exe[732] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text 
C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes 
JMP 000007fb5ba203f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\svchost.exe[836] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 
000007fb5ba20420 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 
000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\nvvsvc.exe[896] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 
.text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 
000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text 
C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 
000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\System32\svchost.exe[124] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 
000007fb5ba203d0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\System32\svchost.exe[124] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\System32\svchost.exe[124] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 
000007fb5ba20470 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\svchost.exe[472] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 
.text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 
000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 
000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 
000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\dwm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\dwm.exe[688] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\dwm.exe[688] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 
000007fad967177a 4 bytes [67, D9, FA, 07] .text C:\Windows\system32\dwm.exe[688] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fad9671782 4 bytes [67, D9, FA, 07] .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\svchost.exe[500] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 
5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\svchost.exe[500] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\svchost.exe[500] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 
.text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\System32\svchost.exe[1144] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 
5 bytes JMP 000007fb5ba20210 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\System32\svchost.exe[1144] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text 
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad3331532 4 bytes [33, D3, FA, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad333153a 4 bytes [33, D3, FA, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1188] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad333165a 4 bytes [33, D3, FA, 07] .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 
.text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\nvvsvc.exe[1200] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 
000007fb5ba20270 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fad3331532 4 bytes [33, D3, FA, 07] .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fad333153a 4 bytes [33, D3, FA, 07] .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fad333165a 4 bytes [33, D3, FA, 07] .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fad967177a 4 bytes [67, D9, FA, 07] .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fad9671782 4 bytes [67, D9, FA, 07] .text C:\Windows\system32\svchost.exe[1332] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes 
JMP 000007fb5ba20480 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text 
C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\svchost.exe[1332] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\svchost.exe[1332] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 
000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 
000007fb5ba204a0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\Explorer.EXE[1612] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\Explorer.EXE[1612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\Explorer.EXE[1612] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\Explorer.EXE[1612] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fad967177a 4 bytes [67, D9, FA, 07] .text C:\Windows\Explorer.EXE[1612] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fad9671782 4 bytes [67, D9, FA, 07] .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text 
C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\System32\spoolsv.exe[1868] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes 
JMP 000007fb5ba201f0 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\System32\spoolsv.exe[1868] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\svchost.exe[1920] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes 
JMP 000007fb5ba20330 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\svchost.exe[1920] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes 
JMP 000007fb5ba20290 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text 
C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\taskhostex.exe[1968] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Program 
Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 
000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Program 
Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad3331532 4 bytes [33, D3, FA, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad333153a 4 bytes [33, D3, FA, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1060] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad333165a 4 bytes [33, D3, FA, 07] .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 
000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Program 
Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 
bytes JMP 000007fb5ba20420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Program Files\Bonjour\mDNSResponder.exe[2124] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text 
C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\dashost.exe[2376] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes 
JMP 000007fb5ba201f0 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\dashost.exe[2376] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 
000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2588] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 
000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2720] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 
000007fb5ba202d0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\conhost.exe[2732] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes 
JMP 000007fb5ba201f0 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\conhost.exe[2732] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\svchost.exe[2848] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes 
JMP 000007fb5ba20330 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\svchost.exe[2848] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\svchost.exe[2848] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text 
C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 
000007fb5ba202c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\wbem\wmiprvse.exe[2796] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 
000007fadab9f817 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 
000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\SearchIndexer.exe[3604] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text 
C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\SearchIndexer.exe[3604] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\svchost.exe[3784] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 
5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\svchost.exe[3784] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\svchost.exe[3784] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 
bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text 
C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\svchost.exe[3852] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\svchost.exe[3852] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Program Files\WindowsApps\6298F5A8.GG_2.0.0.179_x64__nmmbtdjpca5da\GG.exe[4028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fad967177a 4 bytes [67, D9, FA, 07] .text C:\Program Files\WindowsApps\6298F5A8.GG_2.0.0.179_x64__nmmbtdjpca5da\GG.exe[4028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fad9671782 4 bytes [67, D9, FA, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1080] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] 
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fad3331532 4 bytes [33, D3, FA, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fad333153a 4 bytes [33, D3, FA, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1080] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fad333165a 4 bytes [33, D3, FA, 07] .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 
000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\wbem\unsecapp.exe[4672] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text 
C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\system32\wbem\unsecapp.exe[4672] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 
000007fb5ba20320 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 
000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 
000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 000007fb5ba20280 .text C:\Windows\System32\RuntimeBroker.exe[5792] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fadb852bc0 5 bytes JMP 000007fb5ba20460 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 
000007fadb852c10 5 bytes JMP 000007fb5ba20450 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fadb852d70 5 bytes JMP 000007fb5ba20370 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fadb852dc0 5 bytes JMP 000007fb5ba20470 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fadb852dd0 5 bytes JMP 000007fb5ba203e0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fadb852e80 5 bytes JMP 000007fb5ba20320 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fadb852eb0 5 bytes JMP 000007fb5ba203b0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fadb852ed0 5 bytes JMP 000007fb5ba20390 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fadb852f10 5 bytes JMP 000007fb5ba202e0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fadb852f90 5 bytes JMP 000007fb5ba202d0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fadb852fb0 5 bytes JMP 000007fb5ba20310 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fadb852ff0 5 bytes JMP 000007fb5ba203c0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fadb853040 5 bytes JMP 000007fb5ba203f0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fadb8531b1 5 bytes JMP 000007fb5ba20230 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fadb8533a1 5 bytes JMP 000007fb5ba20480 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fadb8533d1 5 bytes JMP 000007fb5ba203a0 .text 
C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fadb8534e1 5 bytes JMP 000007fb5ba202f0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fadb853501 5 bytes JMP 000007fb5ba20350 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fadb853571 5 bytes JMP 000007fb5ba20290 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fadb853601 5 bytes JMP 000007fb5ba202b0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fadb853621 5 bytes JMP 000007fb5ba203d0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fadb853631 5 bytes JMP 000007fb5ba20330 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fadb8536d1 5 bytes JMP 000007fb5ba20410 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fadb853701 5 bytes JMP 000007fb5ba20240 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fadb853a11 5 bytes JMP 000007fb5ba201e0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fadb853ad1 5 bytes JMP 000007fb5ba20250 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fadb853b01 5 bytes JMP 000007fb5ba20490 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fadb853b11 5 bytes JMP 000007fb5ba204a0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fadb853b41 5 bytes JMP 000007fb5ba20300 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fadb853b51 5 bytes JMP 000007fb5ba20360 .text C:\Windows\system32\AUDIODG.EXE[1800] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fadb853bb1 5 bytes JMP 000007fb5ba202a0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fadb853c01 5 bytes JMP 000007fb5ba202c0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fadb853c31 5 bytes JMP 000007fb5ba20380 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fadb853c41 5 bytes JMP 000007fb5ba20340 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fadb853f51 5 bytes JMP 000007fb5ba20440 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fadb854151 5 bytes JMP 000007fb5ba20260 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fadb854161 5 bytes JMP 000007fb5ba20270 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fadb854181 5 bytes JMP 000007fb5ba20400 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fadb854361 5 bytes JMP 000007fb5ba201f0 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fadb854371 5 bytes JMP 000007fb5ba20210 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fadb8543e1 5 bytes JMP 000007fb5ba20200 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fadb854451 5 bytes JMP 000007fb5ba20420 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fadb854461 5 bytes JMP 000007fb5ba20430 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fadb854471 5 bytes JMP 000007fb5ba20220 .text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fadb854581 5 bytes JMP 
000007fb5ba20280
.text C:\Windows\system32\AUDIODG.EXE[1800] C:\Windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fadab9f817 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [636:660] fffff960009065e8

---- Processes - GMER 2.1 ----

Process C:\Program Files\WindowsApps\6298F5A8.GG_2.0.0.179_x64__nmmbtdjpca5da\GG.exe (*** suspicious ***) @ C:\Program Files\WindowsApps\6298F5A8.GG_2.0.0.179_x64__nmmbtdjpca5da\GG.exe [4028] (GG/GG Network S.A.)(2014-08-31 14:07:59) 000000f97e670000
Library C:\Program Files\WindowsApps\6298F5A8.GG_2.0.0.179_x64__nmmbtdjpca5da\Common.DLL (*** suspicious ***) @ C:\Program Files\WindowsApps\6298F5A8.GG_2.0.0.179_x64__nmmbtdjpca5da\GG.exe [4028] (FILE NOT FOUND) 000000f91e070000
Library C:\Program Files\WindowsApps\6298F5A8.GG_2.0.0.179_x64__nmmbtdjpca5da\WinRTXamlToolkit.DLL (*** suspicious ***) @ C:\Program Files\WindowsApps\6298F5A8.GG_2.0.0.179_x64__nmmbtdjpca5da\GG.exe [4028] (FILE NOT FOUND) 000000f91c4d0000
Library C:\Program Files\WindowsApps\6298F5A8.GG_2.0.0.179_x64__nmmbtdjpca5da\Background.winmd (*** suspicious ***) @ C:\Program Files\WindowsApps\6298F5A8.GG_2.0.0.179_x64__nmmbtdjpca5da\GG.exe [4028] (FILE NOT FOUND) 000000f91c230000
Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_1.9.0.2020_x86__kzf8qxf38zg5c\LibWrap.dll (*** suspicious ***) @ C:\Windows\syswow64\wwahost.exe [5776] (Microsoft Skype/Microsoft Corporation)(2014-07-23 18:55:42) 000000005c500000

---- EOF - GMER 2.1 ----