GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-01 00:24:00 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GH01 596,17GB Running: f3sj6337.exe; Driver: C:\Users\Alicja\AppData\Local\Temp\awdirpog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ff0000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002ff002f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000149890460 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000149890450 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000149890370 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000149890470 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000001498903e0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000149890320 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000001498903b0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000149890390 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000001498902e0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000001498902d0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000149890310 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000001498903c0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000001498903f0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000149890230 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000149890480 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000001498903a0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000001498902f0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000149890350 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000149890290 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000001498902b0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000001498903d0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000149890330 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000149890410 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000149890240 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000001498901e0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000149890250 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000149890490 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000001498904a0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000149890300 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000149890360 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000001498902a0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000001498902c0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000149890380 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000149890340 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000149890440 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000149890260 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000149890270 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000149890400 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000001498901f0 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000149890210 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000149890200 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000149890420 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000149890430 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000149890220 .text C:\Windows\system32\csrss.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000149890280 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\wininit.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\wininit.exe[540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000149890460 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000149890450 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000149890370 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000149890470 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000001498903e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000149890320 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000001498903b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000149890390 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000001498902e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000001498902d0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000149890310 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000001498903c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000001498903f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000149890230 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000149890480 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000001498903a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000001498902f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000149890350 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000149890290 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000001498902b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000001498903d0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000149890330 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000149890410 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000149890240 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000001498901e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000149890250 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000149890490 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000001498904a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000149890300 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000149890360 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000001498902a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000001498902c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000149890380 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000149890340 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000149890440 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000149890260 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000149890270 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000149890400 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000001498901f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000149890210 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000149890200 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000149890420 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000149890430 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000149890220 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000149890280 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\services.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\svchost.exe[816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\svchost.exe[932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\System32\svchost.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\svchost.exe[388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\svchost.exe[404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\rundll32.exe[1892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\Dwm.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\SysWOW64\rundll32.exe[1976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\Explorer.EXE[2000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\Explorer.EXE[2000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1304] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\taskeng.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\taskeng.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000100070460 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000100070370 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000100070470 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000100070320 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000100070390 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000100070310 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000100070230 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000100070250 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000100070490 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2220] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2928] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c31465 2 bytes [C3, 75] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c314bb 2 bytes [C3, 75] .text ... * 2 .text C:\Windows\SysWOW64\DllHost.exe[3120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3204] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\SysWOW64\DllHost.exe[3236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe[3392] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\Apoint\Apoint.exe[3668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe[3940] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\LiveSupport\LiveSupport.exe[1760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Users\Alicja\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe[3520] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\SearchIndexer.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Users\Alicja\AppData\Local\Torpedo\Torpedo.exe[4316] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4464] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4480] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4488] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075fe8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4488] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\svchost.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[5024] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Program Files\Apoint\ApMsgFwd.exe[4412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\Apoint\Apntex.exe[5656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\system32\conhost.exe[5672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\wbem\wmiprvse.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files\iPod\bin\iPodService.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\DllHost.exe[7108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files (x86)\Origin\Origin.exe[164] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000075fe3f1c 5 bytes JMP 000000015fa4ab10 .text C:\Program Files (x86)\Origin\Origin.exe[164] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Origin\Origin.exe[164] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075548e4e 5 bytes JMP 000000015fa4a0b0 .text C:\Program Files (x86)\Origin\Origin.exe[164] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075550dfb 5 bytes JMP 000000015fa49e90 .text C:\Program Files (x86)\Origin\Origin.exe[164] C:\Windows\syswow64\USER32.dll!SetFocus 0000000075552175 5 bytes JMP 000000015fa49fa0 .text C:\Program Files (x86)\Origin\Origin.exe[164] C:\Windows\syswow64\USER32.dll!SetActiveWindow 0000000075553208 5 bytes JMP 000000015fa4a1c0 .text C:\Program Files (x86)\Origin\Origin.exe[164] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000075557b3b 5 bytes JMP 000000015fa49bc0 .text C:\Program Files (x86)\Origin\Origin.exe[164] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 000000007556f170 5 bytes JMP 000000015fa49ab0 .text C:\Program Files (x86)\Origin\Origin.exe[164] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 00000000755890fc 5 bytes JMP 000000015fa49cd0 .text C:\Program Files (x86)\Origin\Origin.exe[164] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 00000000755a7d97 5 bytes JMP 000000015fa49d80 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5268] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe[2404] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\System32\svchost.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7048] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[5064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\wuauclt.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[5460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\Sony\VAIO Care\VCService.exe[5484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[6560] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\System32\vds.exe[6200] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[5868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[6808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files\Sony\VAIO Care\Admload.exe[4012] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000774eef8d 1 byte [62] .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077601360 5 bytes JMP 0000000077760460 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776013b0 5 bytes JMP 0000000077760450 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077601510 5 bytes JMP 0000000077760370 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077601560 5 bytes JMP 0000000077760470 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077601570 5 bytes JMP 00000000777603e0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077601620 5 bytes JMP 0000000077760320 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077601650 5 bytes JMP 00000000777603b0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077601670 5 bytes JMP 0000000077760390 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776016b0 5 bytes JMP 00000000777602e0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077601730 5 bytes JMP 00000000777602d0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077601750 5 bytes JMP 0000000077760310 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077601790 5 bytes JMP 00000000777603c0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776017e0 5 bytes JMP 00000000777603f0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077601940 5 bytes JMP 0000000077760230 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077601b00 5 bytes JMP 0000000077760480 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077601b30 5 bytes JMP 00000000777603a0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077601c10 5 bytes JMP 00000000777602f0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077601c20 5 bytes JMP 0000000077760350 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077601c80 5 bytes JMP 0000000077760290 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077601d10 5 bytes JMP 00000000777602b0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077601d30 5 bytes JMP 00000000777603d0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077601d40 5 bytes JMP 0000000077760330 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077601db0 5 bytes JMP 0000000077760410 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077601de0 5 bytes JMP 0000000077760240 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776020a0 5 bytes JMP 00000000777601e0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077602160 5 bytes JMP 0000000077760250 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077602190 5 bytes JMP 0000000077760490 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776021a0 5 bytes JMP 00000000777604a0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776021d0 5 bytes JMP 0000000077760300 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776021e0 5 bytes JMP 0000000077760360 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077602240 5 bytes JMP 00000000777602a0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077602290 5 bytes JMP 00000000777602c0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776022c0 5 bytes JMP 0000000077760380 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776022d0 5 bytes JMP 0000000077760340 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776025c0 5 bytes JMP 0000000077760440 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776027c0 5 bytes JMP 0000000077760260 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776027d0 5 bytes JMP 0000000077760270 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776027e0 5 bytes JMP 0000000077760400 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776029a0 5 bytes JMP 00000000777601f0 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776029b0 5 bytes JMP 0000000077760210 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077602a20 5 bytes JMP 0000000077760200 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077602a80 5 bytes JMP 0000000077760420 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077602a90 5 bytes JMP 0000000077760430 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077602aa0 5 bytes JMP 0000000077760220 .text C:\Windows\system32\taskhost.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077602b80 5 bytes JMP 0000000077760280 .text C:\Program Files\Sony\VAIO Care\listener.exe[9092] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe[3500] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Users\Alicja\Desktop\Do analizy\f3sj6337.exe[8316] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] ---- Processes - GMER 2.1 ---- Process C:\Users\Alicja\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe (*** suspicious ***) @ C:\Users\Alicja\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [3520](2012-10-26 06:49:04) 0000000000d30000 Process C:\Users\Alicja\AppData\Local\Torpedo\Torpedo.exe (*** suspicious ***) @ C:\Users\Alicja\AppData\Local\Torpedo\Torpedo.exe [4316] (Torpedo/Torpedo)(2014-11-14 16:13:50) 0000000000400000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ebff1e0 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ebff1e0@0022989196ae 0x33 0x90 0x5C 0x3C ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ebff1e0@0c715d3746ee 0x4E 0x12 0x86 0x35 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ebff1e0@a8f27429c1bc 0xA7 0x47 0xFB 0x20 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ebff1e0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ebff1e0@0022989196ae 0x33 0x90 0x5C 0x3C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ebff1e0@0c715d3746ee 0x4E 0x12 0x86 0x35 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ebff1e0@a8f27429c1bc 0xA7 0x47 0xFB 0x20 ... ---- Files - GMER 2.1 ---- File C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0063e4 1060864 bytes File C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0063e1 0 bytes File C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0063e2 0 bytes File C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0063e3 0 bytes ---- EOF - GMER 2.1 ----