GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-01-13 01:39:08 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD753LJ rev.1AA01118 698,64GB Running: 0jhhz1tw.exe; Driver: C:\Users\Klient\AppData\Local\Temp\kwrdapob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 000000014a460460 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 000000014a460450 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 000000014a460370 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 000000014a460470 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 000000014a4603e0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 000000014a460320 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 000000014a4603b0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 000000014a460390 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 000000014a4602e0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 000000014a4602d0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 000000014a460310 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 000000014a4603c0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 000000014a4603f0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 000000014a460230 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 000000014a460480 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 000000014a4603a0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 000000014a4602f0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 000000014a460350 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 000000014a460290 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 000000014a4602b0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 000000014a4603d0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 000000014a460330 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 000000014a460410 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 000000014a460240 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 000000014a4601e0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 000000014a460250 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 000000014a460490 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 000000014a4604a0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 000000014a460300 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 000000014a460360 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 000000014a4602a0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 000000014a4602c0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 000000014a460380 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 000000014a460340 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 000000014a460440 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 000000014a460260 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 000000014a460270 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 000000014a460400 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 000000014a4601f0 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 000000014a460210 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 000000014a460200 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 000000014a460420 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 000000014a460430 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 000000014a460220 .text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 000000014a460280 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\wininit.exe[488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\services.exe[544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\lsass.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\lsass.exe[576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\winlogon.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\lsm.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\atiesrxx.exe[864] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\System32\svchost.exe[936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\svchost.exe[344] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\svchost.exe[440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\AUDIODG.EXE[832] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bba2ba 1 byte [62] .text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[1656] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bba2ba 1 byte [62] .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\taskhost.exe[1380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\Dwm.exe[2060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\Explorer.EXE[2132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\Explorer.EXE[2132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\svchost.exe[2428] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\WindowsMobile\wmdc.exe[2816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\system32\SearchIndexer.exe[3048] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe[2980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 00000000772b0460 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 00000000772b0450 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 00000000772b0370 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 00000000772b0470 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000000772b03e0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 00000000772b0320 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000000772b03b0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 00000000772b0390 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000000772b02e0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000000772b02d0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 00000000772b0310 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000000772b03c0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000000772b03f0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 00000000772b0230 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 00000000772b0480 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000000772b03a0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000000772b02f0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 00000000772b0350 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 00000000772b0290 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000000772b02b0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000000772b03d0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 00000000772b0330 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 00000000772b0410 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 00000000772b0240 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000000772b01e0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 00000000772b0250 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 00000000772b0490 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000000772b04a0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 00000000772b0300 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 00000000772b0360 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000000772b02a0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000000772b02c0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 00000000772b0380 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 00000000772b0340 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 00000000772b0440 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 00000000772b0260 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 00000000772b0270 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 00000000772b0400 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000000772b01f0 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 00000000772b0210 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 00000000772b0200 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 00000000772b0420 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 00000000772b0430 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 00000000772b0220 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 00000000772b0280 .text C:\Windows\System32\svchost.exe[2768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62] .text C:\Program Files (x86)\WinZip\WZQKPICK.EXE[3116] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bba2ba 1 byte [62] .text C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe[3220] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bba2ba 1 byte [62] .text C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE[3240] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bba2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3296] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bba2ba 1 byte [62] .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077151360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771513b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077151510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077151560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077151570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077151620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077151650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077151670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077151730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077151750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077151790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077151940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077151b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077151b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077151c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077151c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077151c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077151d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077151d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077151d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077151db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077151de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077152160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077152190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771521d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771521e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077152240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077152290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771522c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771522d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771525c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771527c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771527d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771527e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771529b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077152a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077152a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077152a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077152aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[4452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077152b80 5 bytes JMP 0000000100070280 .text C:\Users\Klient\Downloads\OTL.com[3280] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bba2ba 1 byte [62] .text C:\Users\Klient\Downloads\OTL.com[3280] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 00000000767d1465 2 bytes [7D, 76] .text C:\Users\Klient\Downloads\OTL.com[3280] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000767d14bb 2 bytes [7D, 76] .text ... * 2 .text C:\Users\Klient\Downloads\0jhhz1tw.exe[2340] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076bba2ba 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2584:3136] 000007fefb742a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2584:3156] 000007fef32a4830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2584:3172] 000007fef32a4830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2584:3748] 000007fef9265124 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2584:4540] 000007fef3229d90 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2584:4624] 000007fef32a4830 ---- EOF - GMER 2.1 ----