GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-20 17:27:28 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST1000DM005_HD103SJ rev.1AJ10001 931,51GB Running: 2pw2j12s.exe; Driver: C:\Users\admin\AppData\Local\Temp\uwddakob.sys ---- Kernel code sections - GMER 2.1 ---- ? C:\Windows\system32\DRIVERS\Mam3.sys [0] entry point in "init" section fffff880072e3010 ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 000000014a560460 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 000000014a560450 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 000000014a560370 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 000000014a560470 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 000000014a5603e0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 000000014a560320 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 000000014a5603b0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 000000014a560390 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 000000014a5602e0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 000000014a5602d0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 000000014a560310 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 000000014a5603c0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 000000014a5603f0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 000000014a560230 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 000000014a560480 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 000000014a5603a0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 000000014a5602f0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 000000014a560350 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 000000014a560290 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 000000014a5602b0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 000000014a5603d0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 000000014a560330 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 000000014a560410 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 000000014a560240 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 000000014a5601e0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 000000014a560250 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 000000014a560490 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 000000014a5604a0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 000000014a560300 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 000000014a560360 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 000000014a5602a0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 000000014a5602c0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 000000014a560380 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 000000014a560340 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 000000014a560440 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 000000014a560260 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 000000014a560270 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 000000014a560400 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 000000014a5601f0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 000000014a560210 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 000000014a560200 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 000000014a560420 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 000000014a560430 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 000000014a560220 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 000000014a560280 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\wininit.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\wininit.exe[792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\services.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\services.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\lsass.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\nvvsvc.exe[540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\System32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[1128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\nvvsvc.exe[1584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\System32\spoolsv.exe[1932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\taskhost.exe[1312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\Explorer.EXE[1676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\Explorer.EXE[1676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2080] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2112] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\taskeng.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077781465 2 bytes [78, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777814bb 2 bytes [78, 77] .text ... * 2 .text C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe[2544] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077781465 2 bytes [78, 77] .text C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777814bb 2 bytes [78, 77] .text ... * 2 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100070450 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000001000703b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100070310 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100070230 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100070480 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000001000703a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000702f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100070350 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100070290 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000702b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000703d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100070330 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000100070410 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100070240 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000701e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100070250 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100070490 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000001000704a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100070300 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100070360 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000702a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000702c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000100070380 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100070340 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100070440 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100070260 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100070270 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000100070400 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000701f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100070210 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100070200 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000100070420 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100070430 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100070220 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2624] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000000401465 2 bytes [40, 00] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000004014bb 2 bytes [40, 00] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[2876] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000772b3495 5 bytes JMP 000000010030a8d8 .text C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[2876] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\Steam\Steam.exe[2896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\Steam\Steam.exe[2896] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077781465 2 bytes [78, 77] .text C:\Program Files (x86)\Steam\Steam.exe[2896] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000777814bb 2 bytes [78, 77] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\conhost.exe[3068] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2436] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2436] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000003f1465 2 bytes [3F, 00] .text C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe[2436] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000003f14bb 2 bytes [3F, 00] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3172] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000772b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077781465 2 bytes [78, 77] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777814bb 2 bytes [78, 77] .text ... * 2 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3240] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text D:\Program Files (x86)\CyberLink\YouCam\YouCam\YouCamService.exe[3252] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3276] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3276] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000077781465 2 bytes [78, 77] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3276] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000777814bb 2 bytes [78, 77] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[4080] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[4080] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000075b21a22 2 bytes [B2, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[4080] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000075b21ad0 2 bytes [B2, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[4080] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000075b21b08 2 bytes [B2, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[4080] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000075b21bba 2 bytes [B2, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[4080] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000075b21bda 2 bytes [B2, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000000021465 2 bytes [02, 00] .text C:\Windows\SysWOW64\PnkBstrA.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000000214bb 2 bytes [02, 00] .text ... * 2 .text C:\Windows\SysWOW64\PSIService.exe[2752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077781465 2 bytes [78, 77] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777814bb 2 bytes [78, 77] .text ... * 2 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4276] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[4424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\wbem\wmiprvse.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Program Files\iPod\bin\iPodService.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\SearchIndexer.exe[3232] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\svchost.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\System32\svchost.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\DllHost.exe[6752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4708] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Windows\System32\svchost.exe[5004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007740ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4596] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077781465 2 bytes [78, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777814bb 2 bytes [78, 77] .text ... * 2 .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6512] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077781465 2 bytes [78, 77] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777814bb 2 bytes [78, 77] .text ... * 2 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077621360 5 bytes JMP 0000000077780460 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776213b0 5 bytes JMP 0000000077780450 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077621510 5 bytes JMP 0000000077780370 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077621560 5 bytes JMP 0000000077780470 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077621570 5 bytes JMP 00000000777803e0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077621620 5 bytes JMP 0000000077780320 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077621650 5 bytes JMP 00000000777803b0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077621670 5 bytes JMP 0000000077780390 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776216b0 5 bytes JMP 00000000777802e0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077621730 5 bytes JMP 00000000777802d0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077621750 5 bytes JMP 0000000077780310 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077621790 5 bytes JMP 00000000777803c0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776217e0 5 bytes JMP 00000000777803f0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077621940 5 bytes JMP 0000000077780230 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077621b00 5 bytes JMP 0000000077780480 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077621b30 5 bytes JMP 00000000777803a0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077621c10 5 bytes JMP 00000000777802f0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077621c20 5 bytes JMP 0000000077780350 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077621c80 5 bytes JMP 0000000077780290 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077621d10 5 bytes JMP 00000000777802b0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077621d30 5 bytes JMP 00000000777803d0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077621d40 5 bytes JMP 0000000077780330 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077621db0 5 bytes JMP 0000000077780410 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077621de0 5 bytes JMP 0000000077780240 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776220a0 5 bytes JMP 00000000777801e0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077622160 5 bytes JMP 0000000077780250 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077622190 5 bytes JMP 0000000077780490 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776221a0 5 bytes JMP 00000000777804a0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776221d0 5 bytes JMP 0000000077780300 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776221e0 5 bytes JMP 0000000077780360 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077622240 5 bytes JMP 00000000777802a0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077622290 5 bytes JMP 00000000777802c0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776222c0 5 bytes JMP 0000000077780380 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776222d0 5 bytes JMP 0000000077780340 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776225c0 5 bytes JMP 0000000077780440 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776227c0 5 bytes JMP 0000000077780260 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776227d0 5 bytes JMP 0000000077780270 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776227e0 5 bytes JMP 0000000077780400 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776229a0 5 bytes JMP 00000000777801f0 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776229b0 5 bytes JMP 0000000077780210 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077622a20 5 bytes JMP 0000000077780200 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077622a80 5 bytes JMP 0000000077780420 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077622a90 5 bytes JMP 0000000077780430 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077622aa0 5 bytes JMP 0000000077780220 .text C:\Windows\system32\AUDIODG.EXE[5840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077622b80 5 bytes JMP 0000000077780280 .text C:\Users\admin\Desktop\2pw2j12s.exe[1304] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000772da2fd 1 byte [62] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001010e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001010c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001011614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001011a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800101186c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx] [fe8b41057320ff83] [unknown section] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoWMIRegistrationControl] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!ExFreePoolWithTag] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoWMIWriteEvent] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoRegisterDeviceInterface] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoSetDeviceInterfaceState] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoStartPacket] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoStartTimer] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!RtlInitUnicodeString] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoDeleteDevice] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!KeSetEvent] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoFreeWorkItem] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!KeInitializeEvent] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!RtlQueryRegistryValues] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!RtlInitAnsiString] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!RtlGetVersion] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoDetachDevice] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!PoRequestPowerIrp] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoCancelIrp] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoStopTimer] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoStartNextPacket] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoAllocateWorkItem] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!_vsnwprintf] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!PoStartNextPowerIrp] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!_vsnprintf] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!ZwClose] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IofCompleteRequest] [fffff0b90c428b30] [unknown section] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoInitializeTimer] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoFreeIrp] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!PoCallDriver] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoAllocateIrp] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!RtlCompareMemory] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!ObfReferenceObject] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoSetStartIoAttributes] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] [fe3bd80344c20301] [unknown section] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoCreateDevice] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IofCallDriver] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoBuildPartialMdl] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoFreeMdl] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!KeDelayExecutionThread] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier] [ff41f3f741c6ff49] [unknown section] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] [ff46084103e0c0c2] [unknown section] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoQueueWorkItem] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoAllocateMdl] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!ZwEnumerateValueKey] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoGetDeviceInterfaces] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!ZwOpenKey] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!KeBugCheckEx] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!KeWaitForSingleObject] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!NlsMbCodePageTag] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoIs32bitProcess] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!MmProbeAndLockPages] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!MmUnlockPages] [f5860f2b3900856c] [unknown section] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!IoGetIoPriorityHint] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!EtwUnregister] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!EtwRegister] [fff000188c8d4803] [unknown section] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!EtwEventEnabled] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!EtwWrite] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!EtwProviderEnabled] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[ntoskrnl.exe!__C_specific_handler] [?] IAT C:\Windows\System32\Drivers\a9iwfku5.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] [?] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa800c6f42c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa800c6f42c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa800c6f42c0 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 fffffa800c6f42c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa800c6f42c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa800c6f42c0 Device \Driver\a9iwfku5 \Device\Scsi\a9iwfku51Port4Path0Target0Lun0 fffffa800df6c2c0 Device \Driver\a9iwfku5 \Device\Scsi\a9iwfku51 fffffa800df6c2c0 Device \FileSystem\Ntfs \Ntfs fffffa800d0a12c0 Device \FileSystem\fastfat \Fat fffffa801025e2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa800df352c0 Device \Driver\USBSTOR \Device\000000ae fffffa800dac42c0 Device \Driver\cdrom \Device\CdRom0 fffffa800db8a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1120887E-0A0E-4B30-99CA-B978488219C5} fffffa800dc972c0 Device \Driver\cdrom \Device\CdRom1 fffffa800db8a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{87350B16-6591-49F4-8D72-7201A0867706} fffffa800dc972c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa800df352c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa800daa32c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{588B3E8B-CC3E-4313-AB5D-BF07BCF1E6CB} fffffa800dc972c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{6D4CD40D-C28E-4A45-A2F7-C2BABCCDE501} fffffa800dc972c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa800df352c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800dc972c0 Device \Driver\atapi \Device\ScsiPort0 fffffa800c6f42c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa800df352c0 Device \Driver\atapi \Device\ScsiPort1 fffffa800c6f42c0 Device \Driver\atapi \Device\ScsiPort2 fffffa800c6f42c0 Device \Driver\USBSTOR \Device\000000ad fffffa800dac42c0 Device \Driver\atapi \Device\ScsiPort3 fffffa800c6f42c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{BFE44D67-5663-4FE1-93C3-51B2208F8640} fffffa800dc972c0 Device \Driver\a9iwfku5 \Device\ScsiPort4 fffffa800df6c2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800c6f42c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa800c6f42c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d7b5790] fffffa800d7b5790 Trace 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800d48c060] fffffa800d48c060 Trace \Driver\atapi[0xfffffa800d363060] -> IRP_MJ_CREATE -> 0xfffffa800c6f42c0 fffffa800c6f42c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\a9iwfku5.SYS (USB Mass Storage Class Driver/Microsoft Corporation SIGNED)(2013-02-22 21:52:59) fffff88007424000-fffff88007475000 (331776 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2204:6692] 000007fef8354094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2204:6696] 000007feef387c4c Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2204:6700] 000007fef8354094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2204:6704] 000007feeebbc0d0 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2204:6708] 000007fef8354094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2212:6632] 000007fef8354094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2212:6648] 000007fef8354094 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2212:6652] 000007feeebbc0d0 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1676] (GG drive overlay/GG Network S.A.)(2013-11-13 09:40:33) 000000005c080000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 0000000068570000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000067870000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436](2014-10-22 00:22:50) 00000000684b0000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000067480000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50) 000000004a900000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50) 00000000044b0000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50) 000000004ad00000 Library c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp816gnq.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436](2014-12-20 15:12:01) 00000000040c0000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000061de0000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005f590000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 0000000061bc0000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 0000000061880000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 0000000062410000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436](2014-10-22 00:22:50) 0000000062400000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 0000000061b90000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000061b50000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000061830000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436](2014-10-22 00:22:48) 000000005d320000 Library C:\Users\admin\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2436](2014-10-22 00:22:46) 000000005e2e0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x2D 0xA5 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0xF5 0x36 0xF3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0x49 0x26 0xCF ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 192.168.1.1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x2D 0xA5 0x58 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0xF5 0x36 0xF3 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0x49 0x26 0xCF ... ---- Files - GMER 2.1 ---- File C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ojkuafij.default\cache2\entries\99F034460DF6AC21093A6F3746D57667F56DA3F7 3603 bytes ---- EOF - GMER 2.1 ----