GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-16 18:02:33 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T1L0-b SAMSUNG_SP2004C rev.VM100-50 186,31GB Running: n1sow3bp.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 000000014a620460 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 000000014a620450 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 000000014a620370 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 000000014a620470 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 000000014a6203e0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 000000014a620320 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 000000014a6203b0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 000000014a620390 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 000000014a6202e0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 000000014a6202d0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 000000014a620310 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 000000014a6203c0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 000000014a6203f0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 000000014a620230 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 000000014a620480 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 000000014a6203a0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 000000014a6202f0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 000000014a620350 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 000000014a620290 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 000000014a6202b0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 000000014a6203d0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 000000014a620330 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 000000014a620410 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 000000014a620240 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 000000014a6201e0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 000000014a620250 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 000000014a620490 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 000000014a6204a0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 000000014a620300 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 000000014a620360 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 000000014a6202a0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 000000014a6202c0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 000000014a620380 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 000000014a620340 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 000000014a620440 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 000000014a620260 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 000000014a620270 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 000000014a620400 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 000000014a6201f0 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 000000014a620210 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 000000014a620200 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 000000014a620420 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 000000014a620430 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 000000014a620220 .text C:\Windows\system32\csrss.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 000000014a620280 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\wininit.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\wininit.exe[496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\services.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\services.exe[560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\lsass.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\svchost.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\svchost.exe[728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\System32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\System32\svchost.exe[928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\svchost.exe[356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\svchost.exe[416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\System32\spoolsv.exe[1368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1744] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000768fa2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1744] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076ed1465 2 bytes [ED, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1744] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076ed14bb 2 bytes [ED, 76] .text ... * 2 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\svchost.exe[1832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\System32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 000000014a620460 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 000000014a620450 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 000000014a620370 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 000000014a620470 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 000000014a6203e0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 000000014a620320 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 000000014a6203b0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 000000014a620390 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 000000014a6202e0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 000000014a6202d0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 000000014a620310 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 000000014a6203c0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 000000014a6203f0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 000000014a620230 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 000000014a620480 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 000000014a6203a0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 000000014a6202f0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 000000014a620350 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 000000014a620290 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 000000014a6202b0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 000000014a6203d0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 000000014a620330 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 000000014a620410 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 000000014a620240 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 000000014a6201e0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 000000014a620250 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 000000014a620490 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 000000014a6204a0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 000000014a620300 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 000000014a620360 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 000000014a6202a0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 000000014a6202c0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 000000014a620380 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 000000014a620340 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 000000014a620440 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 000000014a620260 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 000000014a620270 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 000000014a620400 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 000000014a6201f0 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 000000014a620210 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 000000014a620200 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 000000014a620420 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 000000014a620430 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 000000014a620220 .text C:\Windows\system32\csrss.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 000000014a620280 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\winlogon.exe[3052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\Dwm.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\Explorer.EXE[1680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\Explorer.EXE[1680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000768fa2ba 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\SearchIndexer.exe[1460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\System32\svchost.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077181360 5 bytes JMP 00000000772e0460 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000771813b0 5 bytes JMP 00000000772e0450 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 5 bytes JMP 00000000772e0370 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077181560 5 bytes JMP 00000000772e0470 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077181570 5 bytes JMP 00000000772e03e0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077181620 5 bytes JMP 00000000772e0320 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e03b0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077181670 5 bytes JMP 00000000772e0390 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000771816b0 5 bytes JMP 00000000772e02e0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077181730 5 bytes JMP 00000000772e02d0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077181750 5 bytes JMP 00000000772e0310 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077181790 5 bytes JMP 00000000772e03c0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000771817e0 5 bytes JMP 00000000772e03f0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077181940 5 bytes JMP 00000000772e0230 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077181b00 5 bytes JMP 00000000772e0480 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077181b30 5 bytes JMP 00000000772e03a0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077181c10 5 bytes JMP 00000000772e02f0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077181c20 5 bytes JMP 00000000772e0350 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077181c80 5 bytes JMP 00000000772e0290 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077181d10 5 bytes JMP 00000000772e02b0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077181d30 5 bytes JMP 00000000772e03d0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077181d40 5 bytes JMP 00000000772e0330 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077181db0 5 bytes JMP 00000000772e0410 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077181de0 5 bytes JMP 00000000772e0240 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771820a0 5 bytes JMP 00000000772e01e0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077182160 5 bytes JMP 00000000772e0250 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077182190 5 bytes JMP 00000000772e0490 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000771821a0 5 bytes JMP 00000000772e04a0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000771821d0 5 bytes JMP 00000000772e0300 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000771821e0 5 bytes JMP 00000000772e0360 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077182240 5 bytes JMP 00000000772e02a0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077182290 5 bytes JMP 00000000772e02c0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000771822c0 5 bytes JMP 00000000772e0380 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000771822d0 5 bytes JMP 00000000772e0340 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000771825c0 5 bytes JMP 00000000772e0440 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000771827c0 5 bytes JMP 00000000772e0260 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000771827d0 5 bytes JMP 00000000772e0270 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 5 bytes JMP 00000000772e0400 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771829a0 5 bytes JMP 00000000772e01f0 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000771829b0 5 bytes JMP 00000000772e0210 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077182a20 5 bytes JMP 00000000772e0200 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077182a80 5 bytes JMP 00000000772e0420 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077182a90 5 bytes JMP 00000000772e0430 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077182aa0 5 bytes JMP 00000000772e0220 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077182b80 5 bytes JMP 00000000772e0280 .text C:\Windows\system32\taskmgr.exe[3080] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f6eecd 1 byte [62] .text C:\Users\Administrator\Desktop\n1sow3bp.exe[2232] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000768fa2ba 1 byte [62] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Control\SQMServiceList@SQMServiceList netprofm,netman Reg HKLM\SYSTEM\CurrentControlSet\Control\SQMServiceList@SQMServiceList netprofm,netman Reg HKLM\SYSTEM\ControlSet003\Control\SQMServiceList@SQMServiceList netprofm,netman ---- EOF - GMER 2.1 ----