GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-01-13 22:38:04 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: lxxsf385.exe; Driver: C:\Users\mati\AppData\Local\Temp\ugldapob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003801000 27 bytes [75, 05, F6, C3, 40, 75, 2A, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 556 fffff8000380101c 26 bytes [85, C1, 0F, 84, 80, B2, F5, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 000000014a2a0460 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 000000014a2a0450 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 000000014a2a0370 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 000000014a2a0470 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 000000014a2a03e0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 000000014a2a0320 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 000000014a2a03b0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 000000014a2a0390 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 000000014a2a02e0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 000000014a2a02d0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 000000014a2a0310 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 000000014a2a03c0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 000000014a2a03f0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 000000014a2a0230 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 000000014a2a0480 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 000000014a2a03a0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 000000014a2a02f0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 000000014a2a0350 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 000000014a2a0290 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 000000014a2a02b0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 000000014a2a03d0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 000000014a2a0330 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 000000014a2a0410 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 000000014a2a0240 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 000000014a2a01e0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 000000014a2a0250 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 000000014a2a0490 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 000000014a2a04a0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 000000014a2a0300 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 000000014a2a0360 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 000000014a2a02a0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 000000014a2a02c0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 000000014a2a0380 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 000000014a2a0340 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 000000014a2a0440 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 000000014a2a0260 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 000000014a2a0270 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 000000014a2a0400 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 000000014a2a01f0 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 000000014a2a0210 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 000000014a2a0200 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 000000014a2a0420 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 000000014a2a0430 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 000000014a2a0220 .text C:\Windows\system32\csrss.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 000000014a2a0280 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\wininit.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\system32\wininit.exe[488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 000000014a2a0460 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 000000014a2a0450 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 000000014a2a0370 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 000000014a2a0470 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 000000014a2a03e0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 000000014a2a0320 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 000000014a2a03b0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 000000014a2a0390 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 000000014a2a02e0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 000000014a2a02d0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 000000014a2a0310 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 000000014a2a03c0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 000000014a2a03f0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 000000014a2a0230 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 000000014a2a0480 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 000000014a2a03a0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 000000014a2a02f0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 000000014a2a0350 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 000000014a2a0290 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 000000014a2a02b0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 000000014a2a03d0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 000000014a2a0330 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 000000014a2a0410 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 000000014a2a0240 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 000000014a2a01e0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 000000014a2a0250 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 000000014a2a0490 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 000000014a2a04a0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 000000014a2a0300 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 000000014a2a0360 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 000000014a2a02a0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 000000014a2a02c0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 000000014a2a0380 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 000000014a2a0340 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 000000014a2a0440 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 000000014a2a0260 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 000000014a2a0270 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 000000014a2a0400 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 000000014a2a01f0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 000000014a2a0210 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 000000014a2a0200 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 000000014a2a0420 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 000000014a2a0430 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 000000014a2a0220 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 000000014a2a0280 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\services.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\system32\services.exe[544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsass.exe[572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\lsm.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\system32\winlogon.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\system32\svchost.exe[728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\system32\atiesrxx.exe[884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\System32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\System32\svchost.exe[952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\System32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\System32\svchost.exe[996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[332] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\svchost.exe[424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\system32\svchost.exe[424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\atieclxx.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1376] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f41465 2 bytes [F4, 74] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f414bb 2 bytes [F4, 74] .text ... * 2 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\System32\spoolsv.exe[1528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1688] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text c:\Program Files\Bonjour\mDNSResponder.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074a81a22 2 bytes [A8, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074a81ad0 2 bytes [A8, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074a81b08 2 bytes [A8, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074a81bba 2 bytes [A8, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074a81bda 2 bytes [A8, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f41465 2 bytes [F4, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f414bb 2 bytes [F4, 74] .text ... * 2 .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text C:\Program Files (x86)\Prime95\prime95.exe[2064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\System32\svchost.exe[2184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\SysWOW64\ntdll.dll[2312] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\system32\taskhost.exe[2572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\taskeng.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\Dwm.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\Explorer.EXE[2832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\Explorer.EXE[2832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[3280] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3304] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[3984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4092] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\System32\svchost.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text C:\Program Files (x86)\iTunes\iTunes.exe[1828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text C:\Program Files (x86)\iTunes\iTunes.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f41465 2 bytes [F4, 74] .text C:\Program Files (x86)\iTunes\iTunes.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f414bb 2 bytes [F4, 74] .text ... * 2 .text C:\Program Files\iPod\bin\iPodService.exe[5976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe[3452] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text c:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe[628] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text C:\Windows\SysWOW64\DllHost.exe[4040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076fb1360 5 bytes JMP 0000000077110460 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076fb13b0 5 bytes JMP 0000000077110450 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fb1510 5 bytes JMP 0000000077110370 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076fb1560 5 bytes JMP 0000000077110470 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fb1570 5 bytes JMP 00000000771103e0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fb1620 5 bytes JMP 0000000077110320 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fb1650 5 bytes JMP 00000000771103b0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fb1670 5 bytes JMP 0000000077110390 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076fb16b0 5 bytes JMP 00000000771102e0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076fb1730 5 bytes JMP 00000000771102d0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fb1750 5 bytes JMP 0000000077110310 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fb1790 5 bytes JMP 00000000771103c0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076fb17e0 5 bytes JMP 00000000771103f0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076fb1940 5 bytes JMP 0000000077110230 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076fb1b00 5 bytes JMP 0000000077110480 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076fb1b30 5 bytes JMP 00000000771103a0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076fb1c10 5 bytes JMP 00000000771102f0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076fb1c20 5 bytes JMP 0000000077110350 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fb1c80 5 bytes JMP 0000000077110290 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076fb1d10 5 bytes JMP 00000000771102b0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fb1d30 5 bytes JMP 00000000771103d0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076fb1d40 5 bytes JMP 0000000077110330 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076fb1db0 5 bytes JMP 0000000077110410 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076fb1de0 5 bytes JMP 0000000077110240 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fb20a0 5 bytes JMP 00000000771101e0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076fb2160 5 bytes JMP 0000000077110250 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076fb2190 5 bytes JMP 0000000077110490 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076fb21a0 5 bytes JMP 00000000771104a0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076fb21d0 5 bytes JMP 0000000077110300 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076fb21e0 5 bytes JMP 0000000077110360 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076fb2240 5 bytes JMP 00000000771102a0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076fb2290 5 bytes JMP 00000000771102c0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076fb22c0 5 bytes JMP 0000000077110380 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076fb22d0 5 bytes JMP 0000000077110340 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076fb25c0 5 bytes JMP 0000000077110440 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076fb27c0 5 bytes JMP 0000000077110260 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076fb27d0 5 bytes JMP 0000000077110270 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fb27e0 5 bytes JMP 0000000077110400 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fb29a0 5 bytes JMP 00000000771101f0 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076fb29b0 5 bytes JMP 0000000077110210 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076fb2a20 5 bytes JMP 0000000077110200 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076fb2a80 5 bytes JMP 0000000077110420 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076fb2a90 5 bytes JMP 0000000077110430 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fb2aa0 5 bytes JMP 0000000077110220 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fb2b80 5 bytes JMP 0000000077110280 .text C:\Windows\system32\AUDIODG.EXE[3720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe[1140] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd807490 11 bytes JMP 000007ffbd7f0198 .text C:\Windows\system32\SearchProtocolHost.exe[4956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e9eecd 1 byte [62] .text C:\Users\mati\Desktop\lxxsf385.exe[5532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076c6a2ba 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\ntdll.dll [2312:2316] 0000000065c0dea0 Thread C:\Windows\SysWOW64\ntdll.dll [2312:3316] 0000000070ff52c9 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4608] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4612] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4616] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4620] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4624] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4628] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4632] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4636] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4640] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4644] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4648] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4652] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4656] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4660] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4664] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4668] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4672] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4676] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4680] 000000006a98dd78 Thread C:\Windows\SysWOW64\rundll32.exe [2880:4684] 000000006a98dd78 ---- EOF - GMER 2.1 ----