GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-19 18:56:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.03.0 465,76GB Running: gmer.exe; Driver: C:\Users\admin\AppData\Local\Temp\uwddakob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 000000014a290460 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 000000014a290450 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 000000014a290370 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 000000014a290470 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 000000014a2903e0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 000000014a290320 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 000000014a2903b0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 000000014a290390 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 000000014a2902e0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 000000014a2902d0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 000000014a290310 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 000000014a2903c0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 000000014a2903f0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 000000014a290230 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 000000014a290480 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 000000014a2903a0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 000000014a2902f0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 000000014a290350 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 000000014a290290 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 000000014a2902b0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 000000014a2903d0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 000000014a290330 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 000000014a290410 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 000000014a290240 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 000000014a2901e0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 000000014a290250 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 000000014a290490 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 000000014a2904a0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 000000014a290300 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 000000014a290360 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 000000014a2902a0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 000000014a2902c0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 000000014a290380 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 000000014a290340 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 000000014a290440 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 000000014a290260 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 000000014a290270 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 000000014a290400 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 000000014a2901f0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 000000014a290210 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 000000014a290200 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 000000014a290420 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 000000014a290430 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 000000014a290220 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 000000014a290280 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\wininit.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\wininit.exe[572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 000000014a290460 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 000000014a290450 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 000000014a290370 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 000000014a290470 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 000000014a2903e0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 000000014a290320 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 000000014a2903b0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 000000014a290390 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 000000014a2902e0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 000000014a2902d0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 000000014a290310 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 000000014a2903c0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 000000014a2903f0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 000000014a290230 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 000000014a290480 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 000000014a2903a0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 000000014a2902f0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 000000014a290350 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 000000014a290290 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 000000014a2902b0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 000000014a2903d0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 000000014a290330 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 000000014a290410 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 000000014a290240 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 000000014a2901e0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 000000014a290250 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 000000014a290490 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 000000014a2904a0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 000000014a290300 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 000000014a290360 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 000000014a2902a0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 000000014a2902c0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 000000014a290380 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 000000014a290340 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 000000014a290440 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 000000014a290260 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 000000014a290270 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 000000014a290400 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 000000014a2901f0 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 000000014a290210 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 000000014a290200 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 000000014a290420 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 000000014a290430 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 000000014a290220 .text C:\Windows\system32\csrss.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 000000014a290280 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\services.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\lsm.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\winlogon.exe[760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\System32\svchost.exe[120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\svchost.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\svchost.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\svchost.exe[1256] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\svchost.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\svchost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2300] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] .text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2300] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075251465 2 bytes [25, 75] .text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2300] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000752514bb 2 bytes [25, 75] .text ... * 2 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\System32\svchost.exe[2744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2152] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\SearchIndexer.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\taskeng.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\taskhost.exe[4512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\Dwm.exe[5032] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\Explorer.EXE[2980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Windows\System32\WerFault.exe[3708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe[1452] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] .text C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075251465 2 bytes [25, 75] .text C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752514bb 2 bytes [25, 75] .text ... * 2 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\taskeng.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\System32\hkcmd.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\System32\igfxpers.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2104] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075251465 2 bytes [25, 75] .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752514bb 2 bytes [25, 75] .text ... * 2 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3400] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Windows\System32\svchost.exe[5312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5448] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ad8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5448] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075251465 2 bytes [25, 75] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752514bb 2 bytes [25, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f91360 5 bytes JMP 00000000770f0460 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f913b0 5 bytes JMP 00000000770f0450 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f91510 5 bytes JMP 00000000770f0370 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f91560 5 bytes JMP 00000000770f0470 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f91570 5 bytes JMP 00000000770f03e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f91620 5 bytes JMP 00000000770f0320 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f91650 5 bytes JMP 00000000770f03b0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f91670 5 bytes JMP 00000000770f0390 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f916b0 5 bytes JMP 00000000770f02e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f91730 5 bytes JMP 00000000770f02d0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f91750 5 bytes JMP 00000000770f0310 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f91790 5 bytes JMP 00000000770f03c0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f917e0 5 bytes JMP 00000000770f03f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f91940 5 bytes JMP 00000000770f0230 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f91b00 5 bytes JMP 00000000770f0480 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f91b30 5 bytes JMP 00000000770f03a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f91c10 5 bytes JMP 00000000770f02f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f91c20 5 bytes JMP 00000000770f0350 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f91c80 5 bytes JMP 00000000770f0290 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f91d10 5 bytes JMP 00000000770f02b0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f91d30 5 bytes JMP 00000000770f03d0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f91d40 5 bytes JMP 00000000770f0330 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f91db0 5 bytes JMP 00000000770f0410 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f91de0 5 bytes JMP 00000000770f0240 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f920a0 5 bytes JMP 00000000770f01e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f92160 5 bytes JMP 00000000770f0250 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f92190 5 bytes JMP 00000000770f0490 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f921a0 5 bytes JMP 00000000770f04a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f921d0 5 bytes JMP 00000000770f0300 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f921e0 5 bytes JMP 00000000770f0360 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f92240 5 bytes JMP 00000000770f02a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f92290 5 bytes JMP 00000000770f02c0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f922c0 5 bytes JMP 00000000770f0380 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f922d0 5 bytes JMP 00000000770f0340 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f925c0 5 bytes JMP 00000000770f0440 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f927c0 5 bytes JMP 00000000770f0260 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f927d0 5 bytes JMP 00000000770f0270 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f927e0 5 bytes JMP 00000000770f0400 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f929a0 5 bytes JMP 00000000770f01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f929b0 5 bytes JMP 00000000770f0210 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f92a20 5 bytes JMP 00000000770f0200 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f92a80 5 bytes JMP 00000000770f0420 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f92a90 5 bytes JMP 00000000770f0430 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f92aa0 5 bytes JMP 00000000770f0220 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f92b80 5 bytes JMP 00000000770f0280 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d7ef8d 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5808] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000075251465 2 bytes [25, 75] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5808] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000752514bb 2 bytes [25, 75] .text ... * 2 .text C:\Windows\SysWOW64\RunDll32.exe[5496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] .text C:\Windows\SysWOW64\RunDll32.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075251465 2 bytes [25, 75] .text C:\Windows\SysWOW64\RunDll32.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752514bb 2 bytes [25, 75] .text ... * 2 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[4688] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] .text C:\Users\admin\Desktop\Czyszczenie\gmer.exe[5104] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076afa2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2248] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2252] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2256] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2260] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2264] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2268] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2272] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2276] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2280] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2284] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2288] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2292] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2296] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2520] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2524] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2528] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2532] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2540] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2544] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2548] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2552] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2580] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2588] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2628] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2640] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2644] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2648] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2652] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2656] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2660] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2668] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:4220] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:4224] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:4228] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:4236] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:4216] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:4212] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:4192] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:2380] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:5008] 0000000070303810 Thread c:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2092:5108] 0000000070303810 Thread C:\Windows\System32\svchost.exe [2744:3628] 000007fef6919688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819eb07ab Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819eb07ab@549b1283e4de 0x68 0x62 0x55 0x4D ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819eb07ab@0cdfa40c3063 0xFD 0x04 0xD4 0xB6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819eb07ab@00265f73d262 0x92 0xAB 0xAC 0x73 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819eb07ab@c87e75413271 0x61 0xC6 0x28 0x4D ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819eb07ab@30392671fd80 0x66 0x50 0xA9 0xC4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819eb07ab@942053d9d29f 0x9A 0x56 0x8F 0x12 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819eb07ab@9c3aafae872d 0xD2 0x15 0x07 0x37 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819eb07ab (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819eb07ab@549b1283e4de 0x68 0x62 0x55 0x4D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819eb07ab@0cdfa40c3063 0xFD 0x04 0xD4 0xB6 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819eb07ab@00265f73d262 0x92 0xAB 0xAC 0x73 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819eb07ab@c87e75413271 0x61 0xC6 0x28 0x4D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819eb07ab@30392671fd80 0x66 0x50 0xA9 0xC4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819eb07ab@942053d9d29f 0x9A 0x56 0x8F 0x12 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819eb07ab@9c3aafae872d 0xD2 0x15 0x07 0x37 ... ---- EOF - GMER 2.1 ----